conf: error out on too many mappings

The kernel only allows 4k writes to most files in /proc including {g,u}id_map so let's not try to write partial mappings. (This will obviously become a lot more relevant when my patch to extend the idmap limit in the kernel is merged.) Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: error out on too many mappings
de748b7d · Christian Brauner · Stéphane Graber · e29179e5 · de748b7d
Unverified Commit de748b7d authored Oct 16, 2017 by Christian Brauner Committed by Stéphane Graber Oct 17, 2017
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

conf.c src/lxc/conf.c +7 -5

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2621,9 +2621,6 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 			pos += sprintf(mapbuf, "new%cidmap %d", u_or_g, pid);
 		lxc_list_for_each(iterator, idmap) {
-			/* The kernel only takes <= 4k for writes to
-			 * /proc/<nr>/[ug]id_map
-			 */
 			map = iterator->elem;
 			if (map->idtype != type)
 				continue;
@@ -2635,8 +2632,13 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 					use_shadow ? " " : "", map->nsid,
 					map->hostid, map->range,
 					use_shadow ? "" : "\n");
-			if (fill <= 0 || fill >= left)
+			if (fill <= 0 || fill >= left) {
-				SYSERROR("Too many {g,u}id mappings defined.");
+				/* The kernel only takes <= 4k for writes to
+				 * /proc/<pid>/{g,u}id_map
+				 */
+				SYSERROR("Too many %cid mappings defined", u_or_g);
+				return -1;
+			}
 			pos += fill;
 		}