[libvirt] [PATCH] Updated to deal with specifying user IDs to that do not map to usernames
Peter Krempa
pkrempa at redhat.com
Tue Jun 7 06:24:14 UTC 2016
On Mon, Jun 06, 2016 at 14:25:23 -0500, Roy Keene wrote:
> Patch to libvirt master to avoid failing when a user ID is specified,
> e.g. for <seclabel type='dac'>, that does not map to a user name.
>
> This is useful if you want to run each VM as a separate user and not
> bother creating an /etc/passwd entry for each UID.
For this use case you should prefix the name with a +. Please refer to
the documentation on seclabels.
https://libvirt.org/formatdomain.html#seclabel
>
> It compiles but is as yet untested.
>
> ---
> src/util/virutil.c | 69
> +++++++++++++++++++++++++++++++++++++++---------------
> 1 file changed, 50 insertions(+), 19 deletions(-)
NACK to this patch
Peter
>
> diff --git a/src/util/virutil.c b/src/util/virutil.c
> index d80d994..ae95237 100644
> --- a/src/util/virutil.c
> +++ b/src/util/virutil.c
> @@ -790,26 +790,57 @@ virGetUserEnt(uid_t uid, char **name, gid_t
> *group, char **dir)
> if (VIR_RESIZE_N(strbuf, strbuflen, strbuflen, strbuflen) < 0)
> goto cleanup;
> }
> - if (rc != 0) {
> - virReportSystemError(rc,
> - _("Failed to find user record for uid '%u'"),
> - (unsigned int) uid);
> - goto cleanup;
> - } else if (pw == NULL) {
> - virReportError(VIR_ERR_SYSTEM_ERROR,
> - _("Failed to find user record for uid '%u'"),
> - (unsigned int) uid);
> - goto cleanup;
> - }
>
> - if (name && VIR_STRDUP(*name, pw->pw_name) < 0)
> - goto cleanup;
> - if (group)
> - *group = pw->pw_gid;
> - if (dir && VIR_STRDUP(*dir, pw->pw_dir) < 0) {
> - if (name)
> - VIR_FREE(*name);
> - goto cleanup;
> + if (rc != 0 || pw == NULL) {
> + /*
> + * If the user does not exist or its data is not present, return
> + * a created username.
> + */
> + VIR_FREE(strbuf);
> +
> + strbuflen = 128;
> +
> + if (VIR_ALLOC_N(strbuf, strbuflen) < 0) {
> + return(-1);
> + }
> +
> + /*
> + * Fake user home directory: /
> + */
> + if (dir) {
> + if (VIR_STRDUP(*dir, "/") < 0) {
> + goto cleanup;
> + }
> + }
Erm no. We should not do this. Not at this level.
> +
> + /*
> + * Fake user GID: Same as UID
> + */
> + if (group) {
> + *group = (gid_t) uid;
> + }
> +
> + /*
> + * Fake user name: Same as UID (in string)
> + */
> + snprintf(strbuf, strbuflen, "%llu", (unsigned long long) uid);
> +
> + if (name && VIR_STRDUP(*name, strbuf) < 0) {
> + if (dir) {
> + VIR_FREE(*dir);
> + }
> + goto cleanup;
> + }
> + } else {
> + if (name && VIR_STRDUP(*name, pw->pw_name) < 0)
> + goto cleanup;
> + if (group)
> + *group = pw->pw_gid;
> + if (dir && VIR_STRDUP(*dir, pw->pw_dir) < 0) {
> + if (name)
> + VIR_FREE(*name);
> + goto cleanup;
> + }
> }
>
> ret = 0;
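Review bot: The combined test `if (rc != 0 || pw == NULL)` treats a failed lookup the same as a missing passwd entry, so a non-zero `rc` (which the removed branch reported through virReportSystemError) now silently produces a fabricated identity instead of an error. For a value that ends up in a DAC security label this fails open: a user that exists but could not be resolved at that moment would get `*group = (gid_t) uid` and a home of "/" instead of its real gid and directory, and that numeric gid may belong to an unrelated group. Keep the hard failure for `rc != 0` (`virReportSystemError(rc, ...); goto cleanup;`) and confine any fallback to the `pw == NULL` case. The `return(-1);` after the failed VIR_ALLOC_N also bypasses the `cleanup` label that every other failure in this branch uses; `goto cleanup;` would be consistent. The body of virGetUserEnt, including the lookup call that sets `rc` and `pw`, starts and ends outside the hunk.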
> --
> 2.7.4
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list