}
}
- nsid = 0;
+ nsid = LXC_INVALID_UID;
+
+found:
+ fclose(f);
+ free(line);
+ return nsid;
+}
+
+gid_t get_ns_gid(gid_t orig)
+{
+ char *line = NULL;
+ size_t sz = 0;
+ gid_t nsid, hostid, range;
+ FILE *f = fopen("/proc/self/gid_map", "r");
+ if (!f)
+ return 0;
+
+ while (getline(&line, &sz, f) != -1) {
+ if (sscanf(line, "%u %u %u", &nsid, &hostid, &range) != 3)
+ continue;
+
+ if (hostid <= orig && hostid + range > orig) {
+ nsid += orig - hostid;
+ goto found;
+ }
+ }
+
+ nsid = LXC_INVALID_GID;
found:
fclose(f);
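Review bot: The `if (!f) return 0;` early exit in get_ns_gid still reports gid 0 when /proc/self/gid_map cannot be opened, while the not-found path a few lines later now returns `LXC_INVALID_GID`. A caller cannot tell that failure from a real mapping to the namespace's root gid, so the open failure should use the same sentinel: `if (!f) return LXC_INVALID_GID;`. The range test `hostid + range > orig` can also wrap in unsigned arithmetic for a large host id; `orig - hostid < range`, evaluated after the `hostid <= orig` check, avoids that. The tail of the function after `fclose(f);` and the start of get_ns_uid are outside the visible lines, so the same two points should be checked there as well.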
if (offset >= fulllen)
return NULL;
- while (path[offset] != '\0' && offset < fulllen)
+ while (offset < fulllen && path[offset] != '\0')
offset++;
- while (path[offset] == '\0' && offset < fulllen)
+ while (offset < fulllen && path[offset] == '\0')
offset++;
*offsetp = offset;
{
char path[MAXPATHLEN];
int link_to_pid, linklen, mypid, ret;
- char link[LXC_NUMSTRLEN64] = {0};
+ char link[INTTYPE_TO_STRLEN(pid_t)] = {0};
ret = snprintf(path, MAXPATHLEN, "%s/proc/self", rootfs);
if (ret < 0 || ret >= MAXPATHLEN) {
return -1;
}
- linklen = readlink(path, link, LXC_NUMSTRLEN64);
+ linklen = readlink(path, link, sizeof(link));
ret = snprintf(path, MAXPATHLEN, "%s/proc", rootfs);
if (ret < 0 || ret >= MAXPATHLEN) {
return -1;
goto domount;
- } else if (linklen >= LXC_NUMSTRLEN64) {
+ } else if (linklen >= sizeof(link)) {
link[linklen - 1] = '\0';
ERROR("readlink returned truncated content: \"%s\"", link);
return -1;
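Review bot: In `} else if (linklen >= sizeof(link)) {`, `linklen` is an `int` that is now compared against a `size_t`, so a negative value would be converted to a large unsigned number and reach `link[linklen - 1] = '\0'`. The preceding branch (only its `goto domount;` is visible) presumably handles `linklen < 0`, but the safety of this check now depends on that ordering. I would make the assumption explicit with `} else if ((size_t)linklen >= sizeof(link)) {` and a comment such as `/* linklen is non-negative here; the readlink() error case is handled above */`. The enclosing function starts and ends outside these lines.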
/* Check whether a signal is blocked by a process. */
/* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */
-#define __PROC_STATUS_LEN (6 + (LXC_NUMSTRLEN64) + 7 + 1)
+#define __PROC_STATUS_LEN (6 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1)
bool task_blocks_signal(pid_t pid, int signal)
{
int ret;
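Review bot: The comment above `__PROC_STATUS_LEN` still reads `(5 + 21 + 7 + 1)`, which matches neither the literal `6` in the macro nor the pid width now that it comes from `INTTYPE_TO_STRLEN(pid_t)`. I would replace it with `/* "/proc/" (6) + pid as string + "/status" (7) + NUL (1) */` so the buffer-size arithmetic can be checked at a glance. Separately, identifiers beginning with a double underscore are reserved for the implementation; a name such as `PROC_STATUS_LEN` would avoid that.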
int lxc_switch_uid_gid(uid_t uid, gid_t gid)
{
- if (setgid(gid) < 0) {
- SYSERROR("Failed to switch to gid %d.", gid);
- return -errno;
+ int ret = 0;
+
+ if (gid != LXC_INVALID_GID) {
+ ret = setgid(gid);
+ if (ret < 0) {
+ SYSERROR("Failed to switch to gid %d", gid);
+ return -1;
+ }
+ NOTICE("Switched to gid %d", gid);
}
- NOTICE("Switched to gid %d.", gid);
- if (setuid(uid) < 0) {
- SYSERROR("Failed to switch to uid %d.", uid);
- return -errno;
+ if (uid != LXC_INVALID_UID) {
+ ret = setuid(uid);
+ if (ret < 0) {
+ SYSERROR("Failed to switch to uid %d", uid);
+ return -1;
+ }
+ NOTICE("Switched to uid %d", uid);
}
- NOTICE("Switched to uid %d.", uid);
- return 0;
+ return ret;
}
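Review bot: lxc_switch_uid_gid now returns 0 without calling setgid() or setuid() when it is handed `LXC_INVALID_GID` or `LXC_INVALID_UID`, so a caller that passes a failed lookup result straight through keeps its current credentials and still sees success. That contract should be stated on the function, e.g. `/* LXC_INVALID_UID / LXC_INVALID_GID mean "leave unchanged"; callers that must drop privileges have to reject the sentinel themselves. */`. The failure return also changes from `-errno` to `-1`; the callers are not visible here, so any that inspect the specific error code need checking. On Linux `uid_t` and `gid_t` are unsigned, so the `%d` conversions in the SYSERROR/NOTICE calls would be better as `%u` with a cast to `unsigned int`.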
/* Simple covenience function which enables uniform logging. */
-int lxc_setgroups(int size, gid_t list[])
+bool lxc_setgroups(int size, gid_t list[])
{
if (setgroups(size, list) < 0) {
- SYSERROR("Failed to setgroups().");
- return -errno;
+ SYSERROR("Failed to setgroups()");
+ return false;
}
- NOTICE("Dropped additional groups.");
+ NOTICE("Dropped additional groups");
- return 0;
+ return true;
}
static int lxc_get_unused_loop_dev_legacy(char *loop_name)
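Review bot: Changing lxc_setgroups from `int` (0 on success, `-errno` on failure) to `bool` (true on success) inverts the truth value of the result, and the compiler will not flag a caller left as `if (lxc_setgroups(...) < 0)` or `if (lxc_setgroups(...))`. The first form can never be true for a `bool`, so a failed setgroups(), which leaves the supplementary groups in place, would go unnoticed. The call sites are outside this hunk; each one needs to be checked to read `if (!lxc_setgroups(size, list))`. A short comment on the function such as `/* Returns true on success, false if setgroups() failed. */` would make the new convention explicit.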