chown_mapped_root: fix assumption that calling uid == gid

Because if they are not, then we'll fail trying to map that gid into the container. The function doesn't change any gids, but lxc-usernsexec always does setgid(0), so just map getgid() to 0 in the container. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

chown_mapped_root: fix assumption that calling uid == gid
98e5ba51 · Serge Hallyn · Stéphane Graber · e1a2f898 · 98e5ba51
Commit 98e5ba51 authored Nov 28, 2013 by Serge Hallyn Committed by Stéphane Graber Nov 28, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 7 deletions

conf.c src/lxc/conf.c +14 -7

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3349,19 +3349,26 @@ int chown_mapped_root(char *path, struct lxc_conf *conf)
 	}
 	if (!pid) {
 		int hostuid = geteuid(), ret;
-		char map1[100], map2[100];
+		char map1[100], map2[100], map3[100];
-		char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "--", "chown",
+		char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "-m",
-				 "0", path, NULL};
+				 map3, "--", "chown", "0", path, NULL};
-		// "b:0:rootid:1"
+		// "u:0:rootid:1"
-		ret = snprintf(map1, 100, "b:0:%d:1", rootid);
+		ret = snprintf(map1, 100, "u:0:%d:1", rootid);
 		if (ret < 0 || ret >= 100) {
 			ERROR("Error uid printing map string");
 			return -1;
 		}
-		// "b:hostuid:hostuid:1"
+		// "u:hostuid:hostuid:1"
-		ret = snprintf(map2, 100, "b:%d:%d:1", hostuid, hostuid);
+		ret = snprintf(map2, 100, "u:%d:%d:1", hostuid, hostuid);
+		if (ret < 0 || ret >= 100) {
+			ERROR("Error uid printing map string");
+			return -1;
+		}
+		// "g:0:hostgid:1"
+		ret = snprintf(map3, 100, "g:0:%d:1", getgid());
 		if (ret < 0 || ret >= 100) {
 			ERROR("Error uid printing map string");
 			return -1;