conf: fix userns_exec_1()
A bit of context:
userns_exec_1() is only used to operate based on privileges for the user's own
{g,u}id on the host and for the container root's unmapped {g,u}id. This means
we require only to establish a mapping from:
- the container root {g,u}id as seen from the host -> user's host {g,u}id
- the container root -> some sub{g,u}id
This function however was buggy. It relied on some pointer pointing to the same
memory, namely specific idmap entries in the idmap list in the container's
in-memory configuration. However, due to a stupid mistake of mine, the pointers
to be compared pointed to freshly allocated memory. They were never pointing to
the intended memory locations. To reproduce what I'm talking about prior to
this commit simply place:
chb:999:1000000000
chb:999:1
chb:1000:1
in /etc/sub{g,u}id then create a container which requests the following
idmappings:
lxc.idmap = u 0 999 999
lxc.idmap = g 0 999 1000000000
and start the container. What we *would expect* is for liblxc to establish the
following mapping:
newuidmap <pid> 0 999 999
newgidmap <pid> 0 999 1000000000
since all required mappings are present. Due to the buggy pointer comparisons
what happened was:
newuidmap <pid> 0 999 999 0 999 999
newgidmap <pid> 0 999 1000000000 0 999 1000000000
Let's fix this.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
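
The failure mode described in the commit message, as an added example that is not liblxc's code or part of the commit: a simplified model in which each lookup returns a freshly allocated copy of the matching idmap entry, so a pointer comparison never detects that the container root and the user's host id are covered by the same entry. The `id_map` struct, `find_copy()`, `build_args()`, the host uid of 1000, and the by-value comparison used as the remedy are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of one idmap entry; not liblxc's own structure. */
struct id_map { unsigned long nsid, hostid, range; };

/* Return a freshly allocated copy of the entry covering `id`, looked up
 * by host id when by_host is set and by namespace id otherwise. */
static struct id_map *find_copy(const struct id_map *l, size_t n, int by_host, unsigned long id)
{
    for (size_t i = 0; i < n; i++) {
        unsigned long base = by_host ? l[i].hostid : l[i].nsid;
        if (id >= base && id - base < l[i].range) {
            struct id_map *c = malloc(sizeof(*c));
            if (c) *c = l[i];
            return c;
        }
    }
    return NULL;
}

/* Build the id arguments for newuidmap/newgidmap. by_value == 0 models the
 * pointer comparison; by_value == 1 compares the entries' contents instead. */
static int build_args(const struct id_map *l, size_t n, unsigned long host_id,
                      int by_value, char *out, size_t len)
{
    struct id_map *root = find_copy(l, n, 0, 0);       /* container root */
    struct id_map *host = find_copy(l, n, 1, host_id); /* user's host id */
    int ret = -1;
    if (root && host) {
        /* Three members of one type, so no padding: memcmp is safe here. */
        int same = by_value ? memcmp(root, host, sizeof(*root)) == 0 : root == host;
        if (same)
            ret = snprintf(out, len, "%lu %lu %lu", root->nsid, root->hostid, root->range);
        else
            ret = snprintf(out, len, "%lu %lu %lu %lu %lu %lu", root->nsid, root->hostid,
                           root->range, host->nsid, host->hostid, host->range);
    }
    free(root);
    free(host);
    return ret;
}

int main(void)
{
    const struct id_map conf[] = { { 0, 999, 999 } }; /* lxc.idmap = u 0 999 999 */
    char buf[64];
    for (int by_value = 0; by_value <= 1; by_value++)
        if (build_args(conf, 1, 1000, by_value, buf, sizeof(buf)) > 0)
            printf("by_value=%d: newuidmap <pid> %s\n", by_value, buf);
    return 0;
}
```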