Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

make [ug]id map ordering consistent with /proc/<nr>/[ug]id_map

The id ordering and case of u,g is also consistent with uidmapshift,
reducing confusion.

doc: Moved example to the the EXAMPLES section, and used values
corresponding to the defaults in the pending shadow-utils subuid patch.

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
  • Loading branch information...
commit ac7725e7bb6753087aa63bbefb999529b0625212 1 parent 4e18e95
Dwight Engen authored stgraber committed
Showing with 22 additions and 20 deletions.
  1. +16 −14 doc/lxc.conf.sgml.in
  2. +2 −2 src/lxc/conf.c
  3. +4 −4 src/lxc/confile.c
View
30 doc/lxc.conf.sgml.in
@@ -709,21 +709,12 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<listitem>
<para>
Four values must be provided. First a character, either
- 'U', or 'G', to specify whether user or group ids are
- being mapped. Next is the first userid as seen on the
- host. Next is the userid to be mapped in the container.
- Finally, a range indicating the number of consecutive
- ids to map. For instance
+ 'u', or 'g', to specify whether user or group ids are
+ being mapped. Next is the first userid as seen in the
+ user namespace of the container. Next is the userid as
+ seen on the host. Finally, a range indicating the number
+ of consecutive ids to map.
</para>
-<programlisting>
- lxc.id_map = U 200000 0 20000
- lxc.id_map = G 200000 0 20000
-</programlisting>
- <para>
- will map both user and group ids in the
- range 0-19999 in the container to the ids
- 200000-219999 on the host.
- </para>
</listitem>
</varlistentry>
</variablelist>
@@ -953,6 +944,17 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</refsect2>
<refsect2>
+ <title>UID/GID mapping</title>
+ <para>This configuration will map both user and group ids in the
+ range 0-9999 in the container to the ids 100000-109999 on the host.
+ </para>
+ <programlisting>
+ lxc.id_map = u 0 100000 10000
+ lxc.id_map = g 0 100000 10000
+ </programlisting>
+ </refsect2>
+
+ <refsect2>
<title>Control group</title>
<para>This configuration will setup several control groups for
the application, cpuset.cpus restricts usage of the defined cpu,
View
4 src/lxc/conf.c
@@ -2447,7 +2447,7 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid)
return 0;
}
-int add_id_mapping(enum idtype idtype, pid_t pid, uid_t host_start, uid_t ns_start, int range)
+static int add_id_mapping(enum idtype idtype, pid_t pid, uid_t ns_start, uid_t host_start, int range)
{
char path[PATH_MAX];
int ret, closeret;
@@ -2480,7 +2480,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
lxc_list_for_each(iterator, idmap) {
map = iterator->elem;
- ret = add_id_mapping(map->idtype, pid, map->hostid, map->nsid, map->range);
+ ret = add_id_mapping(map->idtype, pid, map->nsid, map->hostid, map->range);
if (ret)
break;
}
View
8 src/lxc/confile.c
@@ -1049,13 +1049,13 @@ static int config_idmap(const char *key, const char *value, struct lxc_conf *lxc
lxc_list_add_tail(&lxc_conf->id_map, idmaplist);
- ret = sscanf(value, "%c %d %d %d", &type, &hostid, &nsid, &range);
+ ret = sscanf(value, "%c %d %d %d", &type, &nsid, &hostid, &range);
if (ret != 4)
goto out;
- INFO("read uid map: type %c hostid %d nsid %d range %d", type, hostid, nsid, range);
- if (type == 'U')
+ INFO("read uid map: type %c nsid %d hostid %d range %d", type, nsid, hostid, range);
+ if (type == 'u')
idmap->idtype = ID_TYPE_UID;
- else if (type == 'G')
+ else if (type == 'g')
idmap->idtype = ID_TYPE_GID;
else
goto out;
Please sign in to comment.
Something went wrong with that request. Please try again.