0019-add-lxc-attach-add-gids-option.patch
From 90512fd67873600a490d2432e6c9429771f719be Mon Sep 17 00:00:00 2001
From: isuladci <[email protected]>
Date: Fri, 2 Dec 2022 18:52:39 +0800
Subject: [PATCH] add lxc-attach add-gids option
Signed-off-by: isuladci <[email protected]>
---
src/lxc/attach.c | 13 ++++++--
src/lxc/attach_options.h | 2 ++
src/lxc/tools/arguments.h | 3 ++
src/lxc/tools/lxc_attach.c | 65 ++++++++++++++++++++++++++++++++++++++
4 files changed, 80 insertions(+), 3 deletions(-)
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 8a2c52a..24d020d 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -1019,9 +1019,16 @@ static int attach_child_main(struct attach_clone_payload *payload)
goto on_error;
}
- if (!lxc_setgroups(init_ctx->container->lxc_conf->init_groups_len,
- init_ctx->container->lxc_conf->init_groups))
- goto on_error;
+ if (options->add_gids != NULL && options->add_gids_len != 0) {
+ if (!lxc_setgroups(options->add_gids_len, options->add_gids)) {
+ goto on_error;
+ }
+ } else {
+ if (!lxc_setgroups(init_ctx->container->lxc_conf->init_groups_len,
+ init_ctx->container->lxc_conf->init_groups)) {
+ goto on_error;
+ }
+ }
#endif
/* Make sure that the processes STDIO is correctly owned by the user that we are switching to */
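Review bot: When `options->add_gids` is set, the new branch passes only the caller-supplied list to `lxc_setgroups()`, so the container's `init_groups` are replaced rather than extended, which does not match the "additional gids" wording used in the option help and the struct comment. If replacement is intended (for instance because the caller already merges the configured groups into the list, which is not visible here), state it above the branch, e.g. `/* add_gids, when given, is the complete supplementary group list and replaces init_groups */`; otherwise the two lists need to be merged before the call. A non-NULL `add_gids` with `add_gids_len == 0` silently falls back to `init_groups`, which belongs in the same comment. attach_child_main starts and ends outside this hunk.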
diff --git a/src/lxc/attach_options.h b/src/lxc/attach_options.h
index 16b4e21..4591d65 100644
--- a/src/lxc/attach_options.h
+++ b/src/lxc/attach_options.h
@@ -124,6 +124,8 @@ typedef struct lxc_attach_options_t {
const char *suffix;
bool disable_pty;
bool open_stdin;
+ gid_t *add_gids; /* attach user additional gids */
+ size_t add_gids_len;
#endif
} lxc_attach_options_t;
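Review bot: The new `add_gids` field has no documented ownership or lifetime, and its comment does not say how the list relates to the container's configured groups. The attach.c change in this patch reads the array in the attach child and nothing visible copies it, so it appears to be borrowed from the caller. A comment such as `/* supplementary gids applied to the attached process; owned by the caller and must stay valid until attach returns */` on `add_gids`, plus `/* number of entries in add_gids */` on `add_gids_len`, would make the contract explicit. The struct definition starts outside this hunk.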
diff --git a/src/lxc/tools/arguments.h b/src/lxc/tools/arguments.h
index 80c2083..583390a 100644
--- a/src/lxc/tools/arguments.h
+++ b/src/lxc/tools/arguments.h
@@ -50,6 +50,8 @@ struct lxc_arguments {
int open_stdin;
unsigned int start_timeout; /* isulad: Seconds for waiting on a container to start before it is killed*/
int64_t attach_timeout; /* for lxc-attach */
+ gid_t *add_gids;
+ size_t add_gids_len;
#endif
/* for lxc-console */
@@ -175,6 +177,7 @@ struct lxc_arguments {
#define OPT_OPEN_STDIN OPT_USAGE - 14
#define OPT_ATTACH_TIMEOUT OPT_USAGE - 15
#define OPT_ATTACH_SUFFIX OPT_USAGE - 16
+#define OPT_ADDITIONAL_GIDS OPT_USAGE - 17
#endif
extern int lxc_arguments_parse(struct lxc_arguments *args, int argc,
diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
index 1a5a241..f6ddf2d 100644
--- a/src/lxc/tools/lxc_attach.c
+++ b/src/lxc/tools/lxc_attach.c
@@ -78,6 +78,7 @@ static const struct option my_longopts[] = {
#else
{"workdir", required_argument, 0, 'w'},
{"user", required_argument, 0, 'u'},
+ {"add-gids", required_argument, 0, OPT_ADDITIONAL_GIDS},
{"in-fifo", required_argument, 0, OPT_INPUT_FIFO}, /* isulad add terminal fifos*/
{"out-fifo", required_argument, 0, OPT_OUTPUT_FIFO},
{"err-fifo", required_argument, 0, OPT_STDERR_FIFO},
@@ -146,6 +147,7 @@ Options :\n\
"\
-w, --workdir Working directory inside the container.\n\
-u, --user User ID (format: UID[:GID])\n\
+ --add-gids Additional gids (format: GID[,GID])\n\
--in-fifo Stdin fifo path\n\
--out-fifo Stdout fifo path\n\
--err-fifo Stderr fifo path\n\
@@ -228,6 +230,58 @@ static int get_attach_uid_gid(const char *username, uid_t *user_id, gid_t *group
free(tmp);
return 0;
}
+
+static int get_attach_add_gids(const char *add_gids, gid_t **gids, size_t *gids_len)
+{
+ long long int readvalue;
+ size_t i, len;
+ const size_t max_gids = 100;
+ gid_t *g = NULL;
+ __do_free_string_list char **gids_str = NULL;
+
+ if (add_gids == NULL || strlen(add_gids) == 0) {
+ ERROR("None additional gids");
+ return -1;
+ }
+
+ gids_str = lxc_string_split(add_gids, ',');
+ if (gids_str == NULL) {
+ ERROR("Failed to split additional gids");
+ return -1;
+ }
+
+ len = lxc_array_len((void **)gids_str);
+ if (len > max_gids) {
+ ERROR("Too many gids");
+ return -1;
+ }
+
+ g = calloc(len, sizeof(gid_t));
+ if (g == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ for (i = 0; i < len; i++) {
+ if (lxc_safe_long_long(gids_str[i], &readvalue) != 0) {
+ SYSERROR("Invalid gid value %s", gids_str[i]);
+ goto err_out;
+ }
+ if (readvalue < 0) {
+ ERROR("Invalid gid value: %lld", readvalue);
+ goto err_out;
+ }
+ g[i] = (unsigned int)readvalue;
+ }
+
+ *gids = g;
+ *gids_len = len;
+ return 0;
+
+err_out:
+ free(g);
+ return -1;
+}
#endif
static int my_parser(struct lxc_arguments *args, int c, char *arg)
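Review bot: The range check in the parse loop of `get_attach_add_gids` rejects only negative values, so `g[i] = (unsigned int)readvalue;` silently truncates anything above the 32-bit range; an input of `4294967296` would be stored as gid 0. Reject out-of-range values before the assignment, e.g. `if (readvalue < 0 || (long long)(gid_t)readvalue != readvalue) {`, and assign with a `(gid_t)` cast so the conversion matches the array's element type. Separately, if the split can yield zero tokens (how `lxc_string_split` treats an input of only separators is not visible here), `calloc(0, ...)` is allowed to return NULL and the function would report "Out of memory"; an explicit `len == 0` check would give an accurate error.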
@@ -331,6 +385,12 @@ static int my_parser(struct lxc_arguments *args, int c, char *arg)
case OPT_OPEN_STDIN:
args->open_stdin = 1;
break;
+ case OPT_ADDITIONAL_GIDS:
+ if (get_attach_add_gids(arg, &args->add_gids, &args->add_gids_len) != 0) {
+ ERROR("Failed to get attach additional gids");
+ return -1;
+ }
+ break;
#endif
}
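Review bot: The new `OPT_ADDITIONAL_GIDS` case overwrites `args->add_gids` without releasing a previous value, so passing `--add-gids` more than once leaks the earlier array and silently keeps only the last list. Either release the old array before parsing (`free(args->add_gids); args->add_gids = NULL; args->add_gids_len = 0;`) or reject a repeated option with an error so the effective group list is never ambiguous. my_parser continues outside this hunk.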
@@ -655,6 +715,11 @@ int main(int argc, char *argv[])
attach_options.initial_cwd = my_args.workdir;
}
+ if (my_args.add_gids) {
+ attach_options.add_gids = my_args.add_gids;
+ attach_options.add_gids_len = my_args.add_gids_len;
+ }
+
/* isulad: add do attach background */
if (attach_options.attach_flags & LXC_ATTACH_TERMINAL)
wexit = do_attach_foreground(c, &command, &attach_options, &errmsg);
--
2.25.1