Since these devices are created for the container,
the owner should be the root user of the container.
Signed-off-by: Gao feng <gaofeng(a)cn.fujitsu.com>
---
src/lxc/lxc_controller.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 2072e9a..f7bdf54 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1109,6 +1109,9 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr
ctrl)
int ret = -1;
char *ptmx = NULL;
char *path = NULL;
+ uid_t uid = -1;
+ gid_t gid = -1;
+ bool userns_enabled = false;
const struct {
int maj;
int min;
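Review bot: `uid_t uid = -1;` and `gid_t gid = -1;` assign a negative constant to unsigned types implicitly, which is flagged under -Wsign-conversion/-Wconversion; spelling the sentinel as `uid_t uid = (uid_t)-1;` and `gid_t gid = (gid_t)-1;` makes the intent explicit. The later hunks only read these values when `userns_enabled` is true, so a short comment on the declarations, such as `/* only meaningful when userns_enabled is set */`, would save the reader from wondering whether the sentinel is ever passed to chown. virLXCControllerPopulateDevices starts and ends outside this hunk.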
@@ -1122,6 +1125,12 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr
ctrl)
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM, 0666, "/dev/urandom" },
};
+ if (ctrl->def->idmap.uidmap && ctrl->def->idmap.gidmap) {
+ uid = ctrl->def->idmap.uidmap[0].target;
+ gid = ctrl->def->idmap.gidmap[0].target;
+ userns_enabled = true;
+ }
+
/* Populate /dev/ with a few important bits */
for (i = 0 ; i < ARRAY_CARDINALITY(devs) ; i++) {
if (virAsprintf(&path, "/proc/%llu/root/%s",
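Review bot: The container root's ids are read from `uidmap[0].target` and `gidmap[0].target`, which assumes the first mapping entry is the one whose container-side range begins at id 0; if a domain's first entry starts at some other id, the nodes would presumably be chowned to a host id that is not the container's root. Selecting the entry whose `start` is 0 (and reporting an error when no entry covers container id 0) rather than indexing `[0]` would make the lookup match the stated intent. Separately, when only one of `uidmap`/`gidmap` is configured the block treats the namespace as disabled and the nodes stay owned by host 0:0, which inside the namespace is likely an unmapped id; that mixed configuration seems worth reporting rather than silently skipping the chown. The enclosing function continues outside this hunk.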
@@ -1139,6 +1148,14 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr
ctrl)
devs[i].path);
goto out;
}
+
+ if (userns_enabled && (chown(path, uid, gid) < 0)) {
+ virReportSystemError(errno,
+ _("Failed to change owner of device"
+ " %s to %u:%u"),
+ devs[i].path, uid, gid);
+ goto out;
+ }
}
if (virAsprintf(&ptmx, "/proc/%llu/root/dev/pts/ptmx",
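Review bot: The chown-and-report block added here is repeated verbatim in the next hunk (after the ptmx mknod), differing only in which name is passed to the error message; a small static helper would keep the two error paths from drifting apart and give the `%u` formatting of uid_t/gid_t a single home. Because the node at `path` was created by the mknod immediately above, following symlinks with plain chown is fine, but that dependency is worth a one-line comment such as `/* path was just created by mknod above, so no symlink to follow */`. virLXCControllerPopulateDevices starts and ends outside this hunk.
```c
/* Chown a device node created for the container to the namespace root;
 * name is the container-relative path used in the error message. */
static int virLXCControllerChownDevice(const char *path, const char *name,
                                       uid_t uid, gid_t gid)
{
    if (chown(path, uid, gid) < 0) {
        virReportSystemError(errno,
                             _("Failed to change owner of device"
                               " %s to %u:%u"),
                             name, uid, gid);
        return -1;
    }
    return 0;
}

/* … unchanged: mknod of devs[i] and its error report … */
        if (userns_enabled &&
            virLXCControllerChownDevice(path, devs[i].path, uid, gid) < 0)
            goto out;
```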
@@ -1162,6 +1179,14 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr
ctrl)
virReportSystemError(errno, _("Failed to make device %s"), path);
goto out;
}
+
+ if (userns_enabled && (chown(path, uid, gid) < 0)) {
+ virReportSystemError(errno,
+ _("Failed to change owner of device"
+ " %s to %u:%u"),
+ path, uid, gid);
+ goto out;
+ }
}
ret = 0;
--
1.8.1.4