179 lines
5.2 KiB
Diff
179 lines
5.2 KiB
Diff
From 90512fd67873600a490d2432e6c9429771f719be Mon Sep 17 00:00:00 2001
|
|
From: isuladci <isulad@ci.com>
|
|
Date: Fri, 2 Dec 2022 18:52:39 +0800
|
|
Subject: [PATCH] add lxc-attach add-gids option
|
|
|
|
Signed-off-by: isuladci <isulad@ci.com>
|
|
---
|
|
src/lxc/attach.c | 13 ++++++--
|
|
src/lxc/attach_options.h | 2 ++
|
|
src/lxc/tools/arguments.h | 3 ++
|
|
src/lxc/tools/lxc_attach.c | 65 ++++++++++++++++++++++++++++++++++++++
|
|
4 files changed, 80 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
|
|
index 8a2c52a..24d020d 100644
|
|
--- a/src/lxc/attach.c
|
|
+++ b/src/lxc/attach.c
|
|
@@ -1019,9 +1019,16 @@ static int attach_child_main(struct attach_clone_payload *payload)
|
|
goto on_error;
|
|
}
|
|
|
|
- if (!lxc_setgroups(init_ctx->container->lxc_conf->init_groups_len,
|
|
- init_ctx->container->lxc_conf->init_groups))
|
|
- goto on_error;
|
|
+ if (options->add_gids != NULL && options->add_gids_len != 0) {
|
|
+ if (!lxc_setgroups(options->add_gids_len, options->add_gids)) {
|
|
+ goto on_error;
|
|
+ }
|
|
+ } else {
|
|
+ if (!lxc_setgroups(init_ctx->container->lxc_conf->init_groups_len,
|
|
+ init_ctx->container->lxc_conf->init_groups)) {
|
|
+ goto on_error;
|
|
+ }
|
|
+ }
|
|
#endif
|
|
|
|
/* Make sure that the processes STDIO is correctly owned by the user that we are switching to */
|
|
diff --git a/src/lxc/attach_options.h b/src/lxc/attach_options.h
|
|
index 16b4e21..4591d65 100644
|
|
--- a/src/lxc/attach_options.h
|
|
+++ b/src/lxc/attach_options.h
|
|
@@ -124,6 +124,8 @@ typedef struct lxc_attach_options_t {
|
|
const char *suffix;
|
|
bool disable_pty;
|
|
bool open_stdin;
|
|
+ gid_t *add_gids; /* attach user additional gids */
|
|
+ size_t add_gids_len;
|
|
#endif
|
|
} lxc_attach_options_t;
|
|
|
|
diff --git a/src/lxc/tools/arguments.h b/src/lxc/tools/arguments.h
|
|
index 80c2083..583390a 100644
|
|
--- a/src/lxc/tools/arguments.h
|
|
+++ b/src/lxc/tools/arguments.h
|
|
@@ -50,6 +50,8 @@ struct lxc_arguments {
|
|
int open_stdin;
|
|
unsigned int start_timeout; /* isulad: Seconds for waiting on a container to start before it is killed*/
|
|
int64_t attach_timeout; /* for lxc-attach */
|
|
+ gid_t *add_gids;
|
|
+ size_t add_gids_len;
|
|
#endif
|
|
|
|
/* for lxc-console */
|
|
@@ -175,6 +177,7 @@ struct lxc_arguments {
|
|
#define OPT_OPEN_STDIN OPT_USAGE - 14
|
|
#define OPT_ATTACH_TIMEOUT OPT_USAGE - 15
|
|
#define OPT_ATTACH_SUFFIX OPT_USAGE - 16
|
|
+#define OPT_ADDITIONAL_GIDS OPT_USAGE - 17
|
|
#endif
|
|
|
|
extern int lxc_arguments_parse(struct lxc_arguments *args, int argc,
|
|
diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
|
|
index 1a5a241..f6ddf2d 100644
|
|
--- a/src/lxc/tools/lxc_attach.c
|
|
+++ b/src/lxc/tools/lxc_attach.c
|
|
@@ -78,6 +78,7 @@ static const struct option my_longopts[] = {
|
|
#else
|
|
{"workdir", required_argument, 0, 'w'},
|
|
{"user", required_argument, 0, 'u'},
|
|
+ {"add-gids", required_argument, 0, OPT_ADDITIONAL_GIDS},
|
|
{"in-fifo", required_argument, 0, OPT_INPUT_FIFO}, /* isulad add terminal fifos*/
|
|
{"out-fifo", required_argument, 0, OPT_OUTPUT_FIFO},
|
|
{"err-fifo", required_argument, 0, OPT_STDERR_FIFO},
|
|
@@ -146,6 +147,7 @@ Options :\n\
|
|
"\
|
|
-w, --workdir Working directory inside the container.\n\
|
|
-u, --user User ID (format: UID[:GID])\n\
|
|
+ --add-gids Additional gids (format: GID[,GID])\n\
|
|
--in-fifo Stdin fifo path\n\
|
|
--out-fifo Stdout fifo path\n\
|
|
--err-fifo Stderr fifo path\n\
|
|
@@ -228,6 +230,58 @@ static int get_attach_uid_gid(const char *username, uid_t *user_id, gid_t *group
|
|
free(tmp);
|
|
return 0;
|
|
}
|
|
+
|
|
+static int get_attach_add_gids(const char *add_gids, gid_t **gids, size_t *gids_len)
|
|
+{
|
|
+ long long int readvalue;
|
|
+ size_t i, len;
|
|
+ const size_t max_gids = 100;
|
|
+ gid_t *g = NULL;
|
|
+ __do_free_string_list char **gids_str = NULL;
|
|
+
|
|
+ if (add_gids == NULL || strlen(add_gids) == 0) {
|
|
+ ERROR("None additional gids");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ gids_str = lxc_string_split(add_gids, ',');
|
|
+ if (gids_str == NULL) {
|
|
+ ERROR("Failed to split additional gids");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ len = lxc_array_len((void **)gids_str);
|
|
+ if (len > max_gids) {
|
|
+ ERROR("Too many gids");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ g = calloc(len, sizeof(gid_t));
|
|
+ if (g == NULL) {
|
|
+ ERROR("Out of memory");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ for (i = 0; i < len; i++) {
|
|
+ if (lxc_safe_long_long(gids_str[i], &readvalue) != 0) {
|
|
+ SYSERROR("Invalid gid value %s", gids_str[i]);
|
|
+ goto err_out;
|
|
+ }
|
|
+ if (readvalue < 0) {
|
|
+ ERROR("Invalid gid value: %lld", readvalue);
|
|
+ goto err_out;
|
|
+ }
|
|
+ g[i] = (unsigned int)readvalue;
|
|
+ }
|
|
+
|
|
+ *gids = g;
|
|
+ *gids_len = len;
|
|
+ return 0;
|
|
+
|
|
+err_out:
|
|
+ free(g);
|
|
+ return -1;
|
|
+}
|
|
#endif
|
|
|
|
static int my_parser(struct lxc_arguments *args, int c, char *arg)
|
|
@@ -331,6 +385,12 @@ static int my_parser(struct lxc_arguments *args, int c, char *arg)
|
|
case OPT_OPEN_STDIN:
|
|
args->open_stdin = 1;
|
|
break;
|
|
+ case OPT_ADDITIONAL_GIDS:
|
|
+ if (get_attach_add_gids(arg, &args->add_gids, &args->add_gids_len) != 0) {
|
|
+ ERROR("Failed to get attach additional gids");
|
|
+ return -1;
|
|
+ }
|
|
+ break;
|
|
#endif
|
|
}
|
|
|
|
@@ -655,6 +715,11 @@ int main(int argc, char *argv[])
|
|
attach_options.initial_cwd = my_args.workdir;
|
|
}
|
|
|
|
+ if (my_args.add_gids) {
|
|
+ attach_options.add_gids = my_args.add_gids;
|
|
+ attach_options.add_gids_len = my_args.add_gids_len;
|
|
+ }
|
|
+
|
|
/* isulad: add do attach background */
|
|
if (attach_options.attach_flags & LXC_ATTACH_TERMINAL)
|
|
wexit = do_attach_foreground(c, &command, &attach_options, &errmsg);
|
|
--
|
|
2.25.1
|
|
|