conf: error out on too many mappings

The kernel only allows 4k writes to most files in /proc including {g,u}id_map
so let's not try to write partial mappings. (This will obviously become a lot
more relevant when my patch to extend the idmap limit in the kernel is merged.)

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 6871b83a0523cd9c913055c0bdf3f8b3aaed88bf..88ed2b7a632e9bc83053e047442ff14fb20a9f41 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2701,9 +2701,6 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
                        pos += sprintf(mapbuf, "new%cidmap %d", u_or_g, pid);
 
                lxc_list_for_each(iterator, idmap) {
-                       /* The kernel only takes <= 4k for writes to
-                        * /proc/<nr>/[ug]id_map
-                        */
                        map = iterator->elem;
                        if (map->idtype != type)
                                continue;
@@ -2715,8 +2712,13 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
                                        use_shadow ? " " : "", map->nsid,
                                        map->hostid, map->range,
                                        use_shadow ? "" : "\n");
-                       if (fill <= 0 || fill >= left)
-                               SYSERROR("Too many {g,u}id mappings defined.");
+                       if (fill <= 0 || fill >= left) {
+                               /* The kernel only takes <= 4k for writes to
+                                * /proc/<pid>/{g,u}id_map
+                                */
+                               SYSERROR("Too many %cid mappings defined", u_or_g);
+                               return -1;
+                       }
 
                        pos += fill;
                }