On Thu, May 23, 2013 at 12:06:54PM +0800, Gao feng wrote:
Since these devices are created for the container. the owner should be the root user of the container.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> --- src/lxc/lxc_controller.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index f892ce3..b2ace20 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1260,6 +1260,8 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl) size_t i; int ret = -1; char *path = NULL; + uid_t uid = (uid_t)-1; + gid_t gid = (gid_t)-1; const struct { int maj; int min; @@ -1276,6 +1278,11 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl) if (virLXCControllerSetupDev(ctrl) < 0) goto out;
+ if (ctrl->def->idmap.uidmap) { + uid = ctrl->def->idmap.uidmap[0].target; + gid = ctrl->def->idmap.gidmap[0].target; + } + /* Populate /dev/ with a few important bits */ for (i = 0 ; i < ARRAY_CARDINALITY(devs) ; i++) { if (virAsprintf(&path, "/%s/%s.dev/%s", @@ -1293,6 +1300,13 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl) devs[i].path); goto out; } + + if (chown(path, uid, gid) < 0) { + virReportSystemError(errno, + _("Failed to change owner of %s to %u:%u"), + devs[i].path, uid, gid); + goto out; + } VIR_FREE(path); }
ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|