Add a new helper function to change the permissions
of a control group.
Signed-off-by: Richard Weinberger <richard(a)nod.at>
---
src/lxc/lxc_controller.c | 7 +++++++
src/util/vircgroup.c | 43 +++++++++++++++++++++++++++++++++++++++++++
src/util/vircgroup.h | 2 ++
3 files changed, 52 insertions(+)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index f7b614b..6e348b3 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -2223,6 +2223,13 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
goto cleanup;
}
+ /* setup control group permissions for user namespace */
+ if (ctrl->def->idmap.uidmap) {
+ if (virCgroupSetOwner(ctrl->cgroup, ctrl->def->idmap.uidmap[0].target,
+ ctrl->def->idmap.gidmap[0].target))
+ goto cleanup;
+ }
+
if (lxcContainerSendContinue(containerposthandshake[0]) < 0) {
virReportSystemError(errno, "%s",
_("Unable to send container continue message"));
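Review bot: The guard on the new block only tests `ctrl->def->idmap.uidmap`, but the call also dereferences `ctrl->def->idmap.gidmap[0]`; if a uid mapping is configured without a gid mapping (or the gid array is empty) this is a NULL or out-of-bounds read. The condition should cover both arrays, `if (ctrl->def->idmap.uidmap && ctrl->def->idmap.gidmap)`, and ideally their counts as well, though the count fields are not visible in this hunk. Note also that `goto cleanup` here relies on virCgroupSetOwner having already reported an error, which in the accompanying vircgroup.c change it does for the OOM path only; a chown failure is reported but returns 0, so this branch never sees it. virLXCControllerRun starts and ends outside the hunk.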
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index a6d60c5..b66ffed 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -3252,6 +3252,49 @@ cleanup:
return ret;
}
+int virCgroupSetOwner(virCgroupPtr cgroup, uid_t uid, gid_t gid) {
+ size_t i;
+
+ for (i = 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) {
+ char *base, *entry;
+ DIR *dh;
+ struct dirent *de;
+
+ if (virAsprintf(&base, "%s%s",
cgroup->controllers[i].mountPoint,
+ cgroup->controllers[i].placement) < 0) {
+ virReportOOMError();
+ return -1;
+ }
+
+ dh = opendir(base);
+ while ((de = readdir(dh)) != NULL) {
+ if (STREQ(de->d_name, ".") ||
+ STREQ(de->d_name, ".."))
+ continue;
+
+ if (virAsprintf(&entry, "%s/%s", base, de->d_name) < 0)
{
+ VIR_FREE(base);
+ virReportOOMError();
+ }
+
+ if (chown(entry, uid, gid) < 0)
+ virReportSystemError(errno, _("cannot chown '%s' to (%u,
%u)"),
+ entry, uid, gid);
+
+ VIR_FREE(entry);
+ }
+ closedir(dh);
+
+ if (chown(base, uid, gid) < 0)
+ virReportSystemError(errno, _("cannot chown '%s' to (%u,
%u)"),
+ base, uid, gid);
+
+ VIR_FREE(base);
+ }
+
+ return 0;
+}
+
/**
* virCgroupSupportsCpuBW():
diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
index a70eb18..6e00f28 100644
--- a/src/util/vircgroup.h
+++ b/src/util/vircgroup.h
@@ -225,4 +225,6 @@ int virCgroupIsolateMount(virCgroupPtr group,
bool virCgroupSupportsCpuBW(virCgroupPtr cgroup);
+int virCgroupSetOwner(virCgroupPtr cgroup, uid_t uid, gid_t gid);
+
#endif /* __VIR_CGROUP_H__ */
--
1.8.4.5