Merge pull request #2111 from tych0/unpriv-fixups

Unpriv fixups

src/lxc/lxccontainer.c

@@ -2678,7 +2678,7 @@ static bool has_snapshots(struct lxc_container *c)
 static bool do_destroy_container(struct lxc_conf *conf) {
 	int ret;
 
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		ret = userns_exec_full(conf, storage_destroy_wrapper, conf,
 				       "storage_destroy_wrapper");
 		if (ret < 0)
@@ -2800,7 +2800,7 @@ static bool container_destroy(struct lxc_container *c,
 		if (ret < 0 || (size_t)ret >= len)
 			goto out;
 
-		if (am_unpriv())
+		if (am_host_unpriv())
 			ret = userns_exec_1(conf, lxc_unlink_exec_wrapper, path,
 					    "lxc_unlink_exec_wrapper");
 		else
@@ -2819,7 +2819,7 @@ static bool container_destroy(struct lxc_container *c,
 	ret = snprintf(path, len, "%s/%s", p1, c->name);
 	if (ret < 0 || (size_t)ret >= len)
 		goto out;
-	if (am_unpriv())
+	if (am_host_unpriv())
 		ret = userns_exec_full(conf, lxc_rmdir_onedev_wrapper, path,
 				       "lxc_rmdir_onedev_wrapper");
 	else
@@ -3602,7 +3602,7 @@ static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char
 		}
 	}
 
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		if (chown_mapped_root(newpath, c->lxc_conf) < 0) {
 			ERROR("Error chowning %s to container root", newpath);
 			goto out;
@@ -3680,7 +3680,7 @@ static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char
 	data.c1 = c2;
 	data.flags = flags;
 	data.hookargs = hookargs;
-	if (am_unpriv())
+	if (am_host_unpriv())
 		ret = userns_exec_full(c->lxc_conf, clone_update_rootfs_wrapper,
 				       &data, "clone_update_rootfs_wrapper");
 	else
@@ -4355,7 +4355,7 @@ static bool add_remove_device_node(struct lxc_container *c, const char *src_path
 
 static bool do_lxcapi_add_device_node(struct lxc_container *c, const char *src_path, const char *dest_path)
 {
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
 		return false;
 	}
@@ -4366,7 +4366,7 @@ WRAP_API_2(bool, lxcapi_add_device_node, const char *, const char *)
 
 static bool do_lxcapi_remove_device_node(struct lxc_container *c, const char *src_path, const char *dest_path)
 {
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
 		return false;
 	}
@@ -4382,7 +4382,7 @@ static bool do_lxcapi_attach_interface(struct lxc_container *c,
 	pid_t init_pid;
 	int ret = 0;
 
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
 		return false;
 	}
@@ -4421,7 +4421,7 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c,
 	int ret;
 	pid_t pid, pid_outside;
 
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
 		return false;
 	}

src/lxc/network.c

@@ -2449,7 +2449,7 @@ int lxc_network_move_created_netdev_priv(const char *lxcpath, const char *lxcnam
 	char ifname[IFNAMSIZ];
 	struct lxc_list *iterator;
 
-	if (am_unpriv())
+	if (am_host_unpriv())
 		return 0;
 
 	lxc_list_for_each(iterator, network) {
@@ -2487,7 +2487,7 @@ int lxc_create_network_unpriv(const char *lxcpath, const char *lxcname,
 {
 	struct lxc_list *iterator;
 
-	if (!am_unpriv())
+	if (!am_host_unpriv())
 		return 0;
 
 	lxc_list_for_each(iterator, network) {

src/lxc/start.c

@@ -648,11 +648,11 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,
 
 	memset(handler, 0, sizeof(*handler));
 
-	/* Note that am_unpriv() checks the effective uid. We probably don't
+	/* Note that am_host_unpriv() checks the effective uid. We probably don't
 	 * care if we are real root only if we are running as root so this
 	 * should be fine.
 	 */
-	handler->am_root = !am_unpriv();
+	handler->am_root = !am_host_unpriv();
 	handler->data_sock[0] = handler->data_sock[1] = -1;
 	handler->conf = conf;
 	handler->lxcpath = lxcpath;

src/lxc/storage/aufs.c

@@ -89,7 +89,7 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 	if (mkdir_p(new->dest, 0755) < 0)
 		return -1;
 
-	if (am_unpriv() && chown_mapped_root(new->dest, conf) < 0)
+	if (am_host_unpriv() && chown_mapped_root(new->dest, conf) < 0)
 		WARN("Failed to update ownership of %s", new->dest);
 
 	if (strcmp(orig->type, "dir") == 0) {
@@ -116,7 +116,7 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			free(delta);
 			return -1;
 		}
-		if (am_unpriv() && chown_mapped_root(delta, conf) < 0)
+		if (am_host_unpriv() && chown_mapped_root(delta, conf) < 0)
 			WARN("Failed to update ownership of %s", delta);
 
 		// the src will be 'aufs:lowerdir:upperdir'
@@ -157,13 +157,13 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			free(ndelta);
 			return -1;
 		}
-		if (am_unpriv() && chown_mapped_root(ndelta, conf) < 0)
+		if (am_host_unpriv() && chown_mapped_root(ndelta, conf) < 0)
 			WARN("Failed to update ownership of %s", ndelta);
 
 		struct rsync_data_char rdata;
 		rdata.src = odelta;
 		rdata.dest = ndelta;
-		if (am_unpriv())
+		if (am_host_unpriv())
 			ret = userns_exec_full(conf, lxc_rsync_delta_wrapper,
 					       &rdata, "lxc_rsync_delta_wrapper");
 		else

src/lxc/storage/btrfs.c

@@ -434,7 +434,7 @@ bool btrfs_create_clone(struct lxc_conf *conf, struct lxc_storage *orig,
 	/* rsync the contents from source to target */
 	data.orig = orig;
 	data.new = new;
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		ret = userns_exec_full(conf, lxc_storage_rsync_exec_wrapper,
 				       &data, "lxc_storage_rsync_exec_wrapper");
 		if (ret < 0) {
@@ -466,7 +466,7 @@ bool btrfs_create_snapshot(struct lxc_conf *conf, struct lxc_storage *orig,
 	if (ret < 0 && errno != ENOENT)
 		return false;
 
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		struct rsync_data_char args;
 
 		args.src = orig->src;

src/lxc/storage/overlay.c

@@ -73,7 +73,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 		return -1;
 	}
 
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		ret = chown_mapped_root(new->dest, conf);
 		if (ret < 0)
 			WARN("Failed to update ownership of %s", new->dest);
@@ -120,7 +120,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			return -1;
 		}
 
-		if (am_unpriv()) {
+		if (am_host_unpriv()) {
 			ret = chown_mapped_root(delta, conf);
 			if (ret < 0)
 				WARN("Failed to update ownership of %s", delta);
@@ -153,7 +153,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			return -1;
 		}
 
-		if (am_unpriv()) {
+		if (am_host_unpriv()) {
 			ret = chown_mapped_root(work, conf);
 			if (ret < 0)
 				WARN("Failed to update ownership of %s", work);
@@ -224,7 +224,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			return -1;
 		}
 
-		if (am_unpriv()) {
+		if (am_host_unpriv()) {
 			ret = chown_mapped_root(ndelta, conf);
 			if (ret < 0)
 				WARN("Failed to update ownership of %s",
@@ -265,7 +265,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			return -1;
 		}
 
-		if (am_unpriv()) {
+		if (am_host_unpriv()) {
 			ret = chown_mapped_root(work, conf);
 			if (ret < 0)
 				WARN("Failed to update ownership of %s", work);
@@ -960,7 +960,7 @@ static int ovl_do_rsync(const char *src, const char *dest,
 
 	rdata.src = (char *)src;
 	rdata.dest = (char *)dest;
-	if (am_unpriv())
+	if (am_host_unpriv())
 		ret = userns_exec_full(conf, lxc_rsync_exec_wrapper, &rdata,
 				       "lxc_rsync_exec_wrapper");
 	else

src/lxc/storage/storage.c

@@ -406,7 +406,7 @@ struct lxc_storage *storage_copy(struct lxc_container *c, const char *cname,
 	if (!bdevtype && !keepbdevtype && snap && !strcmp(orig->type, "dir"))
 		bdevtype = "overlay";
 
-	if (am_unpriv() && !unpriv_snap_allowed(orig, bdevtype, snap, maybe_snap)) {
+	if (am_host_unpriv() && !unpriv_snap_allowed(orig, bdevtype, snap, maybe_snap)) {
 		ERROR("Unsupported snapshot type \"%s\" for unprivileged users",
 		      bdevtype ? bdevtype : "(null)");
 		goto on_error_put_orig;
@@ -505,7 +505,7 @@ struct lxc_storage *storage_copy(struct lxc_container *c, const char *cname,
 		else
 			src_no_prefix = lxc_storage_get_path(new->src, new->type);
 
-		if (am_unpriv()) {
+		if (am_host_unpriv()) {
 			ret = chown_mapped_root(src_no_prefix, c->lxc_conf);
 			if (ret < 0)
 				WARN("Failed to chown \"%s\"", new->src);
@@ -518,7 +518,7 @@ struct lxc_storage *storage_copy(struct lxc_container *c, const char *cname,
 	/* rsync the contents from source to target */
 	data.orig = orig;
 	data.new = new;
-	if (am_unpriv())
+	if (am_host_unpriv())
 		ret = userns_exec_full(c->lxc_conf,
 				       lxc_storage_rsync_exec_wrapper, &data,
 				       "lxc_storage_rsync_exec_wrapper");

src/lxc/utils.c

@@ -245,8 +245,13 @@ char *get_rundir()
 {
 	char *rundir;
 	const char *homedir;
+	struct stat sb;
+
+	if (stat(RUNTIME_PATH, &sb) < 0) {
+		return NULL;
+	}
 
-	if (geteuid() == 0) {
+	if (geteuid() == sb.st_uid || getegid() == sb.st_gid) {
 		rundir = strdup(RUNTIME_PATH);
 		return rundir;
 	}

src/lxc/utils.h

@@ -427,8 +427,32 @@ extern int lxc_strmunmap(void *addr, size_t length);
 /* initialize rand with urandom */
 extern int randseed(bool);
 
-inline static bool am_unpriv(void) {
-	return geteuid() != 0;
+inline static bool am_host_unpriv(void)
+{
+	FILE *f;
+	uid_t user, host, count;
+	int ret;
+
+	if (geteuid() != 0)
+		return true;
+
+	/* Now: are we in a user namespace? Because then we're also
+	 * unprivileged.
+	 */
+	f = fopen("/proc/self/uid_map", "r");
+	if (!f) {
+		return false;
+	}
+
+	ret = fscanf(f, "%u %u %u", &user, &host, &count);
+	fclose(f);
+	if (ret != 3) {
+		return false;
+	}
+
+	if (user != 0 || host != 0 || count != UINT32_MAX)
+		return true;
+	return false;
 }
 
 /*