[libvirt] [PATCH] Updated to deal with specifying user IDs to that do not map to usernames

Peter Krempa pkrempa at redhat.com
Tue Jun 7 06:24:14 UTC 2016


On Mon, Jun 06, 2016 at 14:25:23 -0500, Roy Keene wrote:
> Patch to libvirt master to avoid failing when a user ID is specified, 
> e.g. for <seclabel type='dac'>, that does not map to a user name.
> 
> This is useful if you want to run each VM as a separate user and not 
> bother creating an /etc/passwd entry for each UID.

For this use case you should prefix the name with a +. Please refer to
the documentation on seclabels.

https://libvirt.org/formatdomain.html#seclabel

> 
> It compiles but is as yet untested.
> 
> ---
>   src/util/virutil.c | 69 
> +++++++++++++++++++++++++++++++++++++++---------------
>   1 file changed, 50 insertions(+), 19 deletions(-)

NACK to this patch

Peter

> 
> diff --git a/src/util/virutil.c b/src/util/virutil.c
> index d80d994..ae95237 100644
> --- a/src/util/virutil.c
> +++ b/src/util/virutil.c
> @@ -790,26 +790,57 @@ virGetUserEnt(uid_t uid, char **name, gid_t 
> *group, char **dir)
>           if (VIR_RESIZE_N(strbuf, strbuflen, strbuflen, strbuflen) < 0)
>               goto cleanup;
>       }
> -    if (rc != 0) {
> -        virReportSystemError(rc,
> -                             _("Failed to find user record for uid '%u'"),
> -                             (unsigned int) uid);
> -        goto cleanup;
> -    } else if (pw == NULL) {
> -        virReportError(VIR_ERR_SYSTEM_ERROR,
> -                       _("Failed to find user record for uid '%u'"),
> -                       (unsigned int) uid);
> -        goto cleanup;
> -    }
> 
> -    if (name && VIR_STRDUP(*name, pw->pw_name) < 0)
> -        goto cleanup;
> -    if (group)
> -        *group = pw->pw_gid;
> -    if (dir && VIR_STRDUP(*dir, pw->pw_dir) < 0) {
> -        if (name)
> -            VIR_FREE(*name);
> -        goto cleanup;
> +    if (rc != 0 || pw == NULL) {
> +        /*
> +         * If the user does not exist or its data is not present, return
> +         * a created username.
> +         */
> +         VIR_FREE(strbuf);
> +
> +         strbuflen = 128;
> +
> +         if (VIR_ALLOC_N(strbuf, strbuflen) < 0) {
> +             return(-1);
> +         }
> +
> +         /*
> +          * Fake user home directory: /
> +          */
> +         if (dir) {
> +             if (VIR_STRDUP(*dir, "/") < 0) {
> +                 goto cleanup;
> +             }
> +         }

Erm no. We should not do this. Not at this level.

> +
> +         /*
> +          * Fake user GID: Same as UID
> +          */
> +         if (group) {
> +             *group = (gid_t) uid;
> +         }
> +
> +         /*
> +          * Fake user name: Same as UID (in string)
> +          */
> +         snprintf(strbuf, strbuflen, "%llu", (unsigned long long) uid);
> +
> +         if (name && VIR_STRDUP(*name, strbuf) < 0) {
> +             if (dir) {
> +                 VIR_FREE(*dir);
> +             }
> +             goto cleanup;
> +         }
> +    } else {
> +        if (name && VIR_STRDUP(*name, pw->pw_name) < 0)
> +            goto cleanup;
> +        if (group)
> +            *group = pw->pw_gid;
> +        if (dir && VIR_STRDUP(*dir, pw->pw_dir) < 0) {
> +            if (name)
> +                VIR_FREE(*name);
> +            goto cleanup;
> +        }
>       }
> 
>       ret = 0;
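Review bot: The new `if (rc != 0 || pw == NULL)` test sends a failed lookup (non-zero `rc`, previously reported through `virReportSystemError`) down the same path as a missing passwd entry, so a lookup error for an account that does exist would, as written, return success with a made-up name, home directory `/` and `*group = (gid_t) uid`. That GID is whatever group happens to carry the same number, which matters if callers use the value for process credentials or file ownership; the callers are outside this hunk, so that part is inferred. I would keep the removed `if (rc != 0) { virReportSystemError(...); goto cleanup; }` ahead of any fallback so that only `pw == NULL` can reach it. The `return(-1);` after the failed `VIR_ALLOC_N` is also the only exit that skips the `cleanup` label; `goto cleanup;` would match the rest of the function, whose start and end lie outside the hunk.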
> -- 
> 2.7.4
> 



> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list



