add lxc-attach add-gids option
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
This commit is contained in:
zhangxiaoyu
parent
ac33566fea
commit
ad3a9ebb1f
178
0019-add-lxc-attach-add-gids-option.patch
Normal file
178
0019-add-lxc-attach-add-gids-option.patch
Normal file
@ -0,0 +1,178 @@
|
||||
From 90512fd67873600a490d2432e6c9429771f719be Mon Sep 17 00:00:00 2001
|
||||
From: isuladci <isulad@ci.com>
|
||||
Date: Fri, 2 Dec 2022 18:52:39 +0800
|
||||
Subject: [PATCH] add lxc-attach add-gids option
|
||||
|
||||
Signed-off-by: isuladci <isulad@ci.com>
|
||||
---
|
||||
src/lxc/attach.c | 13 ++++++--
|
||||
src/lxc/attach_options.h | 2 ++
|
||||
src/lxc/tools/arguments.h | 3 ++
|
||||
src/lxc/tools/lxc_attach.c | 65 ++++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 80 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
|
||||
index 8a2c52a..24d020d 100644
|
||||
--- a/src/lxc/attach.c
|
||||
+++ b/src/lxc/attach.c
|
||||
@@ -1019,9 +1019,16 @@ static int attach_child_main(struct attach_clone_payload *payload)
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
- if (!lxc_setgroups(init_ctx->container->lxc_conf->init_groups_len,
|
||||
- init_ctx->container->lxc_conf->init_groups))
|
||||
- goto on_error;
|
||||
+ if (options->add_gids != NULL && options->add_gids_len != 0) {
|
||||
+ if (!lxc_setgroups(options->add_gids_len, options->add_gids)) {
|
||||
+ goto on_error;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (!lxc_setgroups(init_ctx->container->lxc_conf->init_groups_len,
|
||||
+ init_ctx->container->lxc_conf->init_groups)) {
|
||||
+ goto on_error;
|
||||
+ }
|
||||
+ }
|
||||
#endif
|
||||
|
||||
/* Make sure that the processes STDIO is correctly owned by the user that we are switching to */
|
||||
diff --git a/src/lxc/attach_options.h b/src/lxc/attach_options.h
|
||||
index 16b4e21..4591d65 100644
|
||||
--- a/src/lxc/attach_options.h
|
||||
+++ b/src/lxc/attach_options.h
|
||||
@@ -124,6 +124,8 @@ typedef struct lxc_attach_options_t {
|
||||
const char *suffix;
|
||||
bool disable_pty;
|
||||
bool open_stdin;
|
||||
+ gid_t *add_gids; /* attach user additional gids */
|
||||
+ size_t add_gids_len;
|
||||
#endif
|
||||
} lxc_attach_options_t;
|
||||
|
||||
diff --git a/src/lxc/tools/arguments.h b/src/lxc/tools/arguments.h
|
||||
index 80c2083..583390a 100644
|
||||
--- a/src/lxc/tools/arguments.h
|
||||
+++ b/src/lxc/tools/arguments.h
|
||||
@@ -50,6 +50,8 @@ struct lxc_arguments {
|
||||
int open_stdin;
|
||||
unsigned int start_timeout; /* isulad: Seconds for waiting on a container to start before it is killed*/
|
||||
int64_t attach_timeout; /* for lxc-attach */
|
||||
+ gid_t *add_gids;
|
||||
+ size_t add_gids_len;
|
||||
#endif
|
||||
|
||||
/* for lxc-console */
|
||||
@@ -175,6 +177,7 @@ struct lxc_arguments {
|
||||
#define OPT_OPEN_STDIN OPT_USAGE - 14
|
||||
#define OPT_ATTACH_TIMEOUT OPT_USAGE - 15
|
||||
#define OPT_ATTACH_SUFFIX OPT_USAGE - 16
|
||||
+#define OPT_ADDITIONAL_GIDS OPT_USAGE - 17
|
||||
#endif
|
||||
|
||||
extern int lxc_arguments_parse(struct lxc_arguments *args, int argc,
|
||||
diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
|
||||
index 1a5a241..f6ddf2d 100644
|
||||
--- a/src/lxc/tools/lxc_attach.c
|
||||
+++ b/src/lxc/tools/lxc_attach.c
|
||||
@@ -78,6 +78,7 @@ static const struct option my_longopts[] = {
|
||||
#else
|
||||
{"workdir", required_argument, 0, 'w'},
|
||||
{"user", required_argument, 0, 'u'},
|
||||
+ {"add-gids", required_argument, 0, OPT_ADDITIONAL_GIDS},
|
||||
{"in-fifo", required_argument, 0, OPT_INPUT_FIFO}, /* isulad add terminal fifos*/
|
||||
{"out-fifo", required_argument, 0, OPT_OUTPUT_FIFO},
|
||||
{"err-fifo", required_argument, 0, OPT_STDERR_FIFO},
|
||||
@@ -146,6 +147,7 @@ Options :\n\
|
||||
"\
|
||||
-w, --workdir Working directory inside the container.\n\
|
||||
-u, --user User ID (format: UID[:GID])\n\
|
||||
+ --add-gids Additional gids (format: GID[,GID])\n\
|
||||
--in-fifo Stdin fifo path\n\
|
||||
--out-fifo Stdout fifo path\n\
|
||||
--err-fifo Stderr fifo path\n\
|
||||
@@ -228,6 +230,58 @@ static int get_attach_uid_gid(const char *username, uid_t *user_id, gid_t *group
|
||||
free(tmp);
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+static int get_attach_add_gids(const char *add_gids, gid_t **gids, size_t *gids_len)
|
||||
+{
|
||||
+ long long int readvalue;
|
||||
+ size_t i, len;
|
||||
+ const size_t max_gids = 100;
|
||||
+ gid_t *g = NULL;
|
||||
+ __do_free_string_list char **gids_str = NULL;
|
||||
+
|
||||
+ if (add_gids == NULL || strlen(add_gids) == 0) {
|
||||
+ ERROR("None additional gids");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ gids_str = lxc_string_split(add_gids, ',');
|
||||
+ if (gids_str == NULL) {
|
||||
+ ERROR("Failed to split additional gids");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ len = lxc_array_len((void **)gids_str);
|
||||
+ if (len > max_gids) {
|
||||
+ ERROR("Too many gids");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ g = calloc(len, sizeof(gid_t));
|
||||
+ if (g == NULL) {
|
||||
+ ERROR("Out of memory");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < len; i++) {
|
||||
+ if (lxc_safe_long_long(gids_str[i], &readvalue) != 0) {
|
||||
+ SYSERROR("Invalid gid value %s", gids_str[i]);
|
||||
+ goto err_out;
|
||||
+ }
|
||||
+ if (readvalue < 0) {
|
||||
+ ERROR("Invalid gid value: %lld", readvalue);
|
||||
+ goto err_out;
|
||||
+ }
|
||||
+ g[i] = (unsigned int)readvalue;
|
||||
+ }
|
||||
+
|
||||
+ *gids = g;
|
||||
+ *gids_len = len;
|
||||
+ return 0;
|
||||
+
|
||||
+err_out:
|
||||
+ free(g);
|
||||
+ return -1;
|
||||
+}
|
||||
#endif
|
||||
|
||||
static int my_parser(struct lxc_arguments *args, int c, char *arg)
|
||||
@@ -331,6 +385,12 @@ static int my_parser(struct lxc_arguments *args, int c, char *arg)
|
||||
case OPT_OPEN_STDIN:
|
||||
args->open_stdin = 1;
|
||||
break;
|
||||
+ case OPT_ADDITIONAL_GIDS:
|
||||
+ if (get_attach_add_gids(arg, &args->add_gids, &args->add_gids_len) != 0) {
|
||||
+ ERROR("Failed to get attach additional gids");
|
||||
+ return -1;
|
||||
+ }
|
||||
+ break;
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -655,6 +715,11 @@ int main(int argc, char *argv[])
|
||||
attach_options.initial_cwd = my_args.workdir;
|
||||
}
|
||||
|
||||
+ if (my_args.add_gids) {
|
||||
+ attach_options.add_gids = my_args.add_gids;
|
||||
+ attach_options.add_gids_len = my_args.add_gids_len;
|
||||
+ }
|
||||
+
|
||||
/* isulad: add do attach background */
|
||||
if (attach_options.attach_flags & LXC_ATTACH_TERMINAL)
|
||||
wexit = do_attach_foreground(c, &command, &attach_options, &errmsg);
|
||||
--
|
||||
2.25.1
|
||||
|
||||
9
lxc.spec
9
lxc.spec
@ -1,4 +1,4 @@
|
||||
%global _release 2022102403
|
||||
%global _release 2022102404
|
||||
|
||||
Name: lxc
|
||||
Version: 4.0.3
|
||||
@ -26,6 +26,7 @@ Patch0015: 0015-fix-do-mask-pathes-after-parent-mounted.patch
|
||||
Patch0016: 0016-skip-kill-cgroup-processes-if-no-hierarchies.patch
|
||||
Patch0017: 0017-lxc-Add-sw64-architecture.patch
|
||||
Patch0018: 0018-add-macro-to-adapt-musl-libc.patch
|
||||
Patch0019: 0019-add-lxc-attach-add-gids-option.patch
|
||||
|
||||
BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath
|
||||
BuildRequires: pkgconfig(libseccomp)
|
||||
@ -206,6 +207,12 @@ make check
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Dec 02 2022 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 4.0.3-2022102404
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC: add lxc-attach add-gids option
|
||||
|
||||
* Thu Nov 24 2022 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 4.0.3-2022102403
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
|
||||
@ -15,3 +15,4 @@
|
||||
0015-fix-do-mask-pathes-after-parent-mounted.patch
|
||||
0017-lxc-Add-sw64-architecture.patch
|
||||
0018-add-macro-to-adapt-musl-libc.patch
|
||||
0019-add-lxc-attach-add-gids-option.patch
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user