mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-22 20:45:18 +00:00
LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
The gid value passed to devpts has to be translated by hand as virLXCControllerSetupDevPTS() is called before setting up the user and group mappings. Otherwise devpts will use an unmapped gid and openpty() will fail within containers. Linux kernel commit 23adbe12 ("fs,userns: Change inode_capable to capable_wrt_inode_uidgid") uncovered that issue. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Ján Tomko <jtomko@redhat.com>
parent
49cd6815d6
commit
41885a0224
@ -1164,6 +1164,20 @@ static int virLXCControllerMain(virLXCControllerPtr ctrl)
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
virLXCControllerLookupUsernsMap(virDomainIdMapEntryPtr map,
|
||||||
|
int num,
|
||||||
|
unsigned int src)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
for (i = 0; i < num; i++) {
|
||||||
|
if (src > map[i].start && src < map[i].start + map[i].count)
|
||||||
|
return map[i].target + (src - map[i].start);
|
||||||
|
}
|
||||||
|
|
||||||
|
return src;
|
||||||
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map,
|
virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map,
|
||||||
@ -1930,6 +1944,7 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
|
|||||||
char *opts = NULL;
|
char *opts = NULL;
|
||||||
char *devpts = NULL;
|
char *devpts = NULL;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
gid_t ptsgid = 5;
|
||||||
|
|
||||||
VIR_DEBUG("Setting up private /dev/pts");
|
VIR_DEBUG("Setting up private /dev/pts");
|
||||||
|
|
||||||
@ -1949,10 +1964,15 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ctrl->def->idmap.ngidmap)
|
||||||
|
ptsgid = virLXCControllerLookupUsernsMap(ctrl->def->idmap.gidmap,
|
||||||
|
ctrl->def->idmap.ngidmap,
|
||||||
|
ptsgid);
|
||||||
|
|
||||||
/* XXX should we support gid=X for X!=5 for distros which use
|
/* XXX should we support gid=X for X!=5 for distros which use
|
||||||
* a different gid for tty? */
|
* a different gid for tty? */
|
||||||
if (virAsprintf(&opts, "newinstance,ptmxmode=0666,mode=0620,gid=5%s",
|
if (virAsprintf(&opts, "newinstance,ptmxmode=0666,mode=0620,gid=%u%s",
|
||||||
(mount_options ? mount_options : "")) < 0)
|
ptsgid, (mount_options ? mount_options : "")) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
VIR_DEBUG("Mount devpts on %s type=tmpfs flags=%x, opts=%s",
|
VIR_DEBUG("Mount devpts on %s type=tmpfs flags=%x, opts=%s",
|
||||||
|
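Review bot: The range test in the new virLXCControllerLookupUsernsMap() uses a strict lower bound, `src > map[i].start`, so an id equal to the first id of a map entry is never translated and falls through to `return src;`; the test should read `if (src >= map[i].start && src < map[i].start + map[i].count)`. The fall-through also returns the untranslated id silently when no gidmap entry covers it, which appears to leave devpts mounted with the same unmapped gid that the commit message says makes openpty() fail, so a warning or debug message at that point would make the case visible. Smaller points: `i < num` compares a size_t with an int, and the `%u` in the virAsprintf() format is given a gid_t without a cast, where `(unsigned int)ptsgid` would be safer. The lookup function is complete in the first hunk; virLXCControllerSetupDevPTS() starts and ends outside the hunks shown.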