conf{ile}: detect ns{g,u}id mapping for root

Closes lxc#2033. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
geaaru · Jul 4, 2018 · 067091b · 067091b
1 parent 7148a12
commit 067091b
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
@@ -2573,6 +2573,8 @@ struct lxc_conf *lxc_conf_init(void)
 	lxc_list_init(&new->caps);
 	lxc_list_init(&new->keepcaps);
 	lxc_list_init(&new->id_map);
+	new->root_nsuid_map = NULL;
+	new->root_nsgid_map = NULL;
 	lxc_list_init(&new->includes);
 	lxc_list_init(&new->aliens);
 	lxc_list_init(&new->environment);

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
@@ -282,7 +282,15 @@ struct lxc_conf {
 	signed long personality;
 	struct utsname *utsname;
 	struct lxc_list cgroup;
-	struct lxc_list id_map;
+	struct {
+		struct lxc_list id_map;
+		/* Pointer to the idmap entry for the container's root uid in
+		 * the id_map list. Do not free! */
+		struct id_map *root_nsuid_map;
+		/* Pointer to the idmap entry for the container's root gid in
+		 * the id_map list. Do not free! */
+		struct id_map *root_nsgid_map;
+	};
 	struct lxc_list network;
 	int auto_mounts;
 	struct lxc_list mount_list;

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
@@ -1681,6 +1681,16 @@ static int set_config_idmaps(const char *key, const char *value,
 	idmap->range = range;
 	idmaplist->elem = idmap;
 	lxc_list_add_tail(&lxc_conf->id_map, idmaplist);
+
+	if (!lxc_conf->root_nsuid_map && idmap->idtype == ID_TYPE_UID)
+		if (idmap->nsid == 0)
+			lxc_conf->root_nsuid_map = idmap;
+
+
+	if (!lxc_conf->root_nsuid_map && idmap->idtype == ID_TYPE_GID)
+		if (idmap->nsid == 0)
+			lxc_conf->root_nsgid_map = idmap;
+
 	idmap = NULL;
 
 	return 0;