Beispiel #1
0
func verifyRange(name string, idmap shared.IdmapEntry, c containers) (int, int, error) {
	lineage := strings.Split(name, "/")
	if len(lineage) == 1 {
		return idmap.Hostid, idmap.Hostid + idmap.Maprange, nil
	}
	last := len(lineage) - 1
	pname := strings.Join(lineage[0:last], "/")
	parent, ok := c[pname]
	if !ok || parent.hostmin == -1 {
		return 0, 0, fmt.Errorf("Parent for %s (%s) is undefined", name, pname)
	}

	pidmap := parent.idmap.Idmap[0]
	if idmap.Nsid+idmap.Maprange >= pidmap.Nsid+pidmap.Maprange || idmap.Hostid < pidmap.Nsid {
		return 0, 0, fmt.Errorf("Mapping for %s exceeds its parent's, parentids should be between %d - %d",
			name, pidmap.Nsid, pidmap.Nsid+pidmap.Maprange-1)
	}

	// make an idmap shifting the parent's mapping straight onto the host
	absstr := fmt.Sprintf("b:%d:%d:%d", pidmap.Nsid, parent.hostmin, pidmap.Maprange)
	m := shared.IdmapSet{}
	m, err := m.Append(absstr)
	if err != nil {
		return 0, 0, err
	}

	// map the desired 'hostid' (which is really the parent-ns-id) onto the host
	hoststart, _ := m.ShiftIntoNs(idmap.Hostid, idmap.Hostid)
	hostend := hoststart + idmap.Maprange
	return hoststart, hostend, nil
}
Beispiel #2
0
func containerFilePut(pid int, r *http.Request, p string, idmapset *shared.IdmapSet) Response {

	uid, gid, mode, err := shared.ParseLXDFileHeaders(r.Header)
	if err != nil {
		return BadRequest(err)
	}
	uid, gid = idmapset.ShiftIntoNs(uid, gid)
	if uid == -1 || gid == -1 {
		return BadRequest(fmt.Errorf("unmapped uid or gid specified"))
	}

	temp, err := ioutil.TempFile("", "lxd_forkputfile_")
	if err != nil {
		return InternalError(err)
	}
	defer func() {
		temp.Close()
		os.Remove(temp.Name())
	}()

	_, err = io.Copy(temp, r.Body)
	if err != nil {
		return InternalError(err)
	}

	cmd := exec.Command(
		os.Args[0],
		"forkputfile",
		temp.Name(),
		fmt.Sprintf("%d", pid),
		p,
		fmt.Sprintf("%d", uid),
		fmt.Sprintf("%d", gid),
		fmt.Sprintf("%d", mode&os.ModePerm),
	)
	out, err := cmd.CombinedOutput()
	if err != nil {
		return InternalError(fmt.Errorf("%s: %s", err.Error(), string(out)))
	}

	return EmptySyncResponse
}
Beispiel #3
0
func containerFilePut(d *Daemon, pid int, r *http.Request, p string, idmapset *shared.IdmapSet) Response {
	uid, gid, mode := shared.ParseLXDFileHeaders(r.Header)

	if idmapset != nil {
		uid, gid = idmapset.ShiftIntoNs(uid, gid)
	}

	temp, err := ioutil.TempFile("", "lxd_forkputfile_")
	if err != nil {
		return InternalError(err)
	}
	defer func() {
		temp.Close()
		os.Remove(temp.Name())
	}()

	_, err = io.Copy(temp, r.Body)
	if err != nil {
		return InternalError(err)
	}

	cmd := exec.Command(
		d.execPath,
		"forkputfile",
		temp.Name(),
		fmt.Sprintf("%d", pid),
		p,
		fmt.Sprintf("%d", uid),
		fmt.Sprintf("%d", gid),
		fmt.Sprintf("%d", mode&os.ModePerm),
	)
	out, err := cmd.CombinedOutput()
	if err != nil {
		return InternalError(fmt.Errorf(strings.TrimRight(string(out), "\n")))
	}

	return EmptySyncResponse
}