From: Cédric Bosdonnat
To: libvir-list@redhat.com
Date: Mon, 26 Jun 2017 11:41:00 +0200
Message-Id: <20170626094100.22562-5-cbosdonnat@suse.com>
In-Reply-To: <20170626094100.22562-1-cbosdonnat@suse.com>
References: <20170626094100.22562-1-cbosdonnat@suse.com>
Cc: Cédric Bosdonnat
Subject: [libvirt] [PATCH v3 4/4] lxc: add possibility to define init uid/gid

Users may want to run the init command of a container as a special user / group. This is achieved by adding <inituser> and <initgroup> elements. Note that the user can either provide a name or an ID to specify the user / group to be used.
This commit also fixes a side effect of being able to run the command as a non-root user: the user needs rights on the tty to allow shell job control. Reviewed-by: Daniel P. Berrange --- docs/formatdomain.html.in | 7 +++++ docs/schemas/domaincommon.rng | 14 ++++++++++ src/conf/domain_conf.c | 9 ++++++ src/conf/domain_conf.h | 2 ++ src/lxc/lxc_container.c | 52 +++++++++++++++++++++++++++++++= ++++ tests/lxcxml2xmldata/lxc-inituser.xml | 31 +++++++++++++++++++++ tests/lxcxml2xmltest.c | 1 + 7 files changed, 116 insertions(+) create mode 100644 tests/lxcxml2xmldata/lxc-inituser.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index e79a9d5be..f9a5177e0 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -334,6 +334,11 @@ To set a custom work directory for the init, use the initdir element.

+

+ To run the init command as a given user or group, use the init= user + or initgroup elements respectively. Both elements can b= e provided + either a user (resp. group) id or a name. +

=20
 <os>
@@ -343,6 +348,8 @@
   <initarg>emergency.service</initarg>
   <initenv name=3D'MYENV'>some value</initenv>
   <initdir>/my/custom/cwd</initdir>
+  <inituser>tester</inituser>
+  <initgroup>1000</initgroup>
 </os>
     
=20 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 06fe62305..0b8294a9d 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -400,6 +400,20 @@ + + + + + + + + + + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 7835852f1..82c413e98 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -2871,6 +2871,8 @@ void virDomainDefFree(virDomainDefPtr def) for (i =3D 0; def->os.initenv && def->os.initenv[i]; i++) VIR_FREE(def->os.initenv[i]); VIR_FREE(def->os.initdir); + VIR_FREE(def->os.inituser); + VIR_FREE(def->os.initgroup); VIR_FREE(def->os.initenv); VIR_FREE(def->os.kernel); VIR_FREE(def->os.initrd); @@ -17023,6 +17025,8 @@ virDomainDefParseBootOptions(virDomainDefPtr def, def->os.init =3D virXPathString("string(./os/init[1])", ctxt); def->os.cmdline =3D virXPathString("string(./os/cmdline[1])", ctxt= ); def->os.initdir =3D virXPathString("string(./os/initdir[1])", ctxt= ); + def->os.inituser =3D virXPathString("string(./os/inituser[1])", ct= xt); + def->os.initgroup =3D virXPathString("string(./os/initgroup[1])", = ctxt); =20 if ((n =3D virXPathNodeSet("./os/initarg", ctxt, &nodes)) < 0) goto error; @@ -24907,6 +24911,11 @@ virDomainDefFormatInternal(virDomainDefPtr def, if (def->os.initdir) virBufferEscapeString(buf, "%s\n", def->os.initdir); + if (def->os.inituser) + virBufferAsprintf(buf, "%s\n", def->os.initus= er); + if (def->os.initgroup) + virBufferAsprintf(buf, "%s\n", def->os.init= group); + if (def->os.loader) virDomainLoaderDefFormat(buf, def->os.loader); virBufferEscapeString(buf, "%s\n", diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 4d41de2a4..bbffcda61 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1853,6 +1853,8 @@ struct _virDomainOSDef { char **initargv; virDomainOSEnvPtr *initenv; char *initdir; + char *inituser; + char *initgroup; char *kernel; char *initrd; char *cmdline; 
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 8d8e1a735..6309abe4b 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -2110,6 +2110,55 @@ static int lxcAttachNS(int *ns_fd) return 0; } =20 +/** + * lxcContainerSetUserGroup: + * @cmd: command to update + * @vmDef: domain definition for the container + * @ttyPath: guest path to the tty + * + * Set the command UID and GID. As this function attempts at + * converting the user/group name into uid/gid, it needs to + * be called after the pivot root is done. + * + * The owner of the tty is also changed to the given user. + */ +static int lxcContainerSetUserGroup(virCommandPtr cmd, + virDomainDefPtr vmDef, + const char *ttyPath) +{ + uid_t uid; + gid_t gid; + + if (vmDef->os.inituser) { + if (virGetUserID(vmDef->os.inituser, &uid) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, _("User %s doesn't exis= t"), + vmDef->os.inituser); + return -1; + } + virCommandSetUID(cmd, uid); + + /* Change the newly created tty owner to the inituid for + * shells to have job control. */ + if (chown(ttyPath, uid, -1) < 0) { + virReportSystemError(errno, + _("Failed to change ownership of tty %s"), + ttyPath); + return -1; + } + } + + if (vmDef->os.initgroup) { + if (virGetGroupID(vmDef->os.initgroup, &gid) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, _("Group %s doesn't exi= st"), + vmDef->os.initgroup); + return -1; + } + virCommandSetGID(cmd, gid); + } + + return 0; +} + =20 /** * lxcContainerChild: @@ -2208,6 +2257,9 @@ static int lxcContainerChild(void *data) goto cleanup; } =20 + if (lxcContainerSetUserGroup(cmd, vmDef, argv->ttyPaths[0]) < 0) + goto cleanup; + /* rename and enable interfaces */ if (lxcContainerRenameAndEnableInterfaces(vmDef, argv->nveths, diff --git a/tests/lxcxml2xmldata/lxc-inituser.xml b/tests/lxcxml2xmldata/l= xc-inituser.xml new file mode 100644 index 000000000..08338a2b7 --- /dev/null +++ b/tests/lxcxml2xmldata/lxc-inituser.xml 
@@ -0,0 +1,31 @@ + + jessie + e21987a5-e98e-9c99-0e35-803e4d9ad1fe + 1048576 + 1048576 + 1 + + /machine + + + exe + /sbin/sh + tester + 1234 + + + destroy + restart + restart + + /usr/libexec/libvirt_lxc + + + + + + + + + + diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c index c81b0eace..9b9314cf8 100644 --- a/tests/lxcxml2xmltest.c +++ b/tests/lxcxml2xmltest.c @@ -100,6 +100,7 @@ mymain(void) VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS); DO_TEST("initenv"); DO_TEST("initdir"); + DO_TEST("inituser"); =20 virObjectUnref(caps); virObjectUnref(xmlopt); --=20 2.12.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
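Review bot: the new formatdomain.html.in paragraph does not say where a user or group name is resolved. The comment on lxcContainerSetUserGroup in the lxc_container.c hunk states that the name-to-id conversion must happen after the pivot root, which means the lookup uses the container's own user database rather than the host's, and a name that exists only on the host makes the container fail to start with "User %s doesn't exist". One sentence in the docs, such as "Names are resolved inside the container's root filesystem", would spare users that surprise. The phrase "Both elements can be provided either a user (resp. group) id or a name" also reads awkwardly; "Both elements accept either a numeric id or a name" is clearer.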
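Review bot: in the virDomainDefFormatInternal hunk the new inituser and initgroup values are emitted with virBufferAsprintf(buf, ..., def->os.inituser) and virBufferAsprintf(buf, ..., def->os.initgroup), while the adjacent initdir line uses virBufferEscapeString. Both values are free-form strings copied from the user's XML by virXPathString, so a name containing an XML-special character such as & or < is written unescaped, producing a domain definition that no longer parses back and breaking the format/parse round trip the lxcxml2xmltest exercises. Use virBufferEscapeString for both, matching initdir.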
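Review bot: lxcContainerSetUserGroup in the lxc_container.c hunk only chowns argv->ttyPaths[0] and passes -1 as the group, so a container with more than one console keeps the remaining ttys root-owned, and a definition with initgroup but no inituser leaves tty ownership untouched altogether, which undercuts the job-control fix described in the commit message. Consider resolving uid and gid first (leaving each as -1 when its element is absent) and then applying chown(ttyPath, uid, gid) to every entry of argv->ttyPaths. A smaller point: when only inituser is given nothing calls virCommandSetGID, so the init process keeps the parent's gid; if running as the given user with the parent's group is intended, the docs should say so, since it is not what a reader of "run the init command as a given user" will expect.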