lxc/0029-Supporting-additional-groups-configuration.patch

From f25dd7358ea454e78c41094e79764ea9e09f28e7 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Wed, 15 Apr 2020 03:57:20 -0400
Subject: [PATCH 29/49] Supporting additional groups configuration

Signed-off-by: wujing <wujing50@huawei.com>
---
 src/lxc/confile.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 9ba3c7c..55cba6d 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -149,6 +149,7 @@ lxc_config_define(sysctl);
 lxc_config_define(proc);
 #ifdef HAVE_ISULAD
 lxc_config_define(init_args);
+lxc_config_define(init_groups);
 lxc_config_define(populate_device);
 lxc_config_define(umask);
 lxc_config_define(rootfs_masked_paths);
@@ -268,6 +269,7 @@ static struct lxc_config_t config_jump_table[] = {
 	{ "lxc.proc",                      set_config_proc,                        get_config_proc,                        clr_config_proc,                      },
 #ifdef HAVE_ISULAD
 	{ "lxc.isulad.init.args",          set_config_init_args,                   get_config_init_args,                   clr_config_init_args,                 },
+	{ "lxc.isulad.init.groups",        set_config_init_groups,                 get_config_init_groups,                 clr_config_init_groups,               },
 	{ "lxc.isulad.populate.device",    set_config_populate_device,             get_config_populate_device,             clr_config_populate_device,           },
 	{ "lxc.isulad.umask",              set_config_umask,                       get_config_umask,                       clr_config_umask,                     },
 	{ "lxc.isulad.rootfs.maskedpaths", set_config_rootfs_masked_paths,         get_config_rootfs_masked_paths,         clr_config_rootfs_masked_paths,       },
@@ -6247,6 +6249,69 @@ static inline int clr_config_init_args(const char *key, struct lxc_conf *c,
 	return lxc_clear_init_args(c);
 }
 
+/* isulad: set config for init groups */
+static int set_config_init_groups(const char *key, const char *value,
+                                  struct lxc_conf *lxc_conf, void *data)
+{
+	char *groups = NULL;
+	char *token = NULL;
+	int ret = -1;
+
+	if (lxc_config_value_empty(value))
+		return lxc_clear_init_groups(lxc_conf);
+
+	groups = strdup(value);
+	if (!groups)
+		return -1;
+
+	/* In case several capability keep is specified in a single line
+	 * split these caps in a single element for the list.
+	 */
+	lxc_iterate_parts(token, groups, " \t") {
+		gid_t *tmp = NULL;
+		if (lxc_mem_realloc((void **)&tmp, (lxc_conf->init_groups_len + 1) * sizeof(gid_t), lxc_conf->init_groups,
+		                    (lxc_conf->init_groups_len) * sizeof(gid_t)) != 0) {
+			ERROR("Out of memory");
+			goto on_error;
+		}
+		lxc_conf->init_groups = tmp;
+		tmp[lxc_conf->init_groups_len] = atoll(token);
+		lxc_conf->init_groups_len++;
+	}
+
+	ret = 0;
+
+on_error:
+	free(groups);
+
+	return ret;
+}
+
+/* isulad: get config init groups */
+static int get_config_init_groups(const char *key, char *retv, int inlen,
+                                  struct lxc_conf *c, void *data)
+{
+	int i, len, fulllen = 0;
+
+	if (!retv)
+		inlen = 0;
+	else
+		memset(retv, 0, inlen);
+
+	for (i = 0; i < c->init_groups_len; i++) {
+		strprint(retv, inlen, "%u\n", c->init_groups[i]);
+	}
+
+	return fulllen;
+}
+
+/* isulad: clr config init args*/
+static inline int clr_config_init_groups(const char *key, struct lxc_conf *c,
+                void *data)
+{
+	return lxc_clear_init_groups(c);
+}
+
 /* isulad: set config for populate device */
 static int set_config_populate_device(const char *key, const char *value,
                                       struct lxc_conf *lxc_conf, void *data)
-- 
1.8.3.1
lxc: update lxc to 4.0.1 Signed-off-by: lifeng <lifeng68@huawei.com> 2020-04-23 11:50:43 +08:00			`From f25dd7358ea454e78c41094e79764ea9e09f28e7 Mon Sep 17 00:00:00 2001`
			`From: wujing <wujing50@huawei.com>`
			`Date: Wed, 15 Apr 2020 03:57:20 -0400`
			`Subject: [PATCH 29/49] Supporting additional groups configuration`

			`Signed-off-by: wujing <wujing50@huawei.com>`
			`---`
			`src/lxc/confile.c \| 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`1 file changed, 65 insertions(+)`

			`diff --git a/src/lxc/confile.c b/src/lxc/confile.c`
			`index 9ba3c7c..55cba6d 100644`
			`--- a/src/lxc/confile.c`
			`+++ b/src/lxc/confile.c`
			`@@ -149,6 +149,7 @@ lxc_config_define(sysctl);`
			`lxc_config_define(proc);`
			`#ifdef HAVE_ISULAD`
			`lxc_config_define(init_args);`
			`+lxc_config_define(init_groups);`
			`lxc_config_define(populate_device);`
			`lxc_config_define(umask);`
			`lxc_config_define(rootfs_masked_paths);`
			`@@ -268,6 +269,7 @@ static struct lxc_config_t config_jump_table[] = {`
			`{ "lxc.proc", set_config_proc, get_config_proc, clr_config_proc, },`
			`#ifdef HAVE_ISULAD`
			`{ "lxc.isulad.init.args", set_config_init_args, get_config_init_args, clr_config_init_args, },`
			`+ { "lxc.isulad.init.groups", set_config_init_groups, get_config_init_groups, clr_config_init_groups, },`
			`{ "lxc.isulad.populate.device", set_config_populate_device, get_config_populate_device, clr_config_populate_device, },`
			`{ "lxc.isulad.umask", set_config_umask, get_config_umask, clr_config_umask, },`
			`{ "lxc.isulad.rootfs.maskedpaths", set_config_rootfs_masked_paths, get_config_rootfs_masked_paths, clr_config_rootfs_masked_paths, },`
			`@@ -6247,6 +6249,69 @@ static inline int clr_config_init_args(const char key, struct lxc_conf c,`
			`return lxc_clear_init_args(c);`
			`}`

			`+/* isulad: set config for init groups */`
			`+static int set_config_init_groups(const char key, const char value,`
			`+ struct lxc_conf lxc_conf, void data)`
			`+{`
			`+ char *groups = NULL;`
			`+ char *token = NULL;`
			`+ int ret = -1;`
			`+`
			`+ if (lxc_config_value_empty(value))`
			`+ return lxc_clear_init_groups(lxc_conf);`
			`+`
			`+ groups = strdup(value);`
			`+ if (!groups)`
			`+ return -1;`
			`+`
			`+ /* In case several capability keep is specified in a single line`
			`+ * split these caps in a single element for the list.`
			`+ */`
			`+ lxc_iterate_parts(token, groups, " \t") {`
			`+ gid_t *tmp = NULL;`
			`+ if (lxc_mem_realloc((void *)&tmp, (lxc_conf->init_groups_len + 1) sizeof(gid_t), lxc_conf->init_groups,`
			`+ (lxc_conf->init_groups_len) * sizeof(gid_t)) != 0) {`
			`+ ERROR("Out of memory");`
			`+ goto on_error;`
			`+ }`
			`+ lxc_conf->init_groups = tmp;`
			`+ tmp[lxc_conf->init_groups_len] = atoll(token);`
			`+ lxc_conf->init_groups_len++;`
			`+ }`
			`+`
			`+ ret = 0;`
			`+`
			`+on_error:`
			`+ free(groups);`
			`+`
			`+ return ret;`
			`+}`
			`+`
			`+/* isulad: get config init groups */`
			`+static int get_config_init_groups(const char key, char retv, int inlen,`
			`+ struct lxc_conf c, void data)`
			`+{`
			`+ int i, len, fulllen = 0;`
			`+`
			`+ if (!retv)`
			`+ inlen = 0;`
			`+ else`
			`+ memset(retv, 0, inlen);`
			`+`
			`+ for (i = 0; i < c->init_groups_len; i++) {`
			`+ strprint(retv, inlen, "%u\n", c->init_groups[i]);`
			`+ }`
			`+`
			`+ return fulllen;`
			`+}`
			`+`
			`+/* isulad: clr config init args*/`
			`+static inline int clr_config_init_groups(const char key, struct lxc_conf c,`
			`+ void *data)`
			`+{`
			`+ return lxc_clear_init_groups(c);`
			`+}`
			`+`
			`/* isulad: set config for populate device */`
			`static int set_config_populate_device(const char key, const char value,`
			`struct lxc_conf lxc_conf, void data)`
			`--`
			`1.8.3.1`