Re: [libvirt] [PATCH v2]LXC: Helper function for checking ownership of dir when userns enabled

From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com&gt; If we enable userns, the ownership of dir we provided for containers should match the uid/gid in idmap. Currently, the debug log is very implicit or misleading sometimes. This patch will help clarify this for us when using debug log or virsh. v2: syntax-check clean Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com&gt; --- src/lxc/lxc_container.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 46 insertions(+), 0 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index b910b10..2ccdc61 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1815,6 +1815,49 @@ lxcNeedNetworkNamespace(virDomainDefPtr def) return false; } +/* + * Helper function for helping check + * whether we have enough privilege + * to operate the source dir when userns enabled + * @vmDef: pointer to vm definition structure + * Returns 0 on success or -1 in case of error + */ +static int +lxcContainerUsernsSrcOwnershipCheck(virDomainDefPtr vmDef) +{ + struct stat buf; + size_t i; + uid_t uid; + gid_t gid; + + VIR_DEBUG("vmDef->nfss %d", (int)vmDef->nfss); + for (i = 0; i < vmDef->nfss; i++) { + VIR_DEBUG("dst is %s, src is %s", + vmDef->fss[i]->dst, + vmDef->fss[i]->src); + + uid = vmDef->idmap.uidmap[0].target; + gid = vmDef->idmap.gidmap[0].target; + + if (lstat(vmDef->fss[i]->src, &buf) < 0) { + virReportSystemError(errno, _("Cannot access '%s'"), + vmDef->fss[i]->src); + return -1; + } else if (uid != buf.st_uid || gid != buf.st_gid) {