Skip to content

Commit

Permalink
incus-user: Don't set raw.idmap when uid/gid aren't in system map
Browse files Browse the repository at this point in the history
Signed-off-by: Stéphane Graber <[email protected]>
  • Loading branch information
stgraber committed Jan 6, 2024
1 parent de1c935 commit 39c1cb6
Showing 1 changed file with 42 additions and 5 deletions.
47 changes: 42 additions & 5 deletions cmd/incus-user/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,15 @@ import (
"fmt"
"os"
"path/filepath"
"strconv"
"strings"

"github.com/lxc/incus/client"
"github.com/lxc/incus/internal/linux"
"github.com/lxc/incus/internal/revert"
internalUtil "github.com/lxc/incus/internal/util"
"github.com/lxc/incus/shared/api"
"github.com/lxc/incus/shared/idmap"
"github.com/lxc/incus/shared/subprocess"
localtls "github.com/lxc/incus/shared/tls"
"github.com/lxc/incus/shared/util"
Expand Down Expand Up @@ -254,11 +256,8 @@ func serverSetupUser(uid uint32) error {
}

// Setup default profile.
err = client.UseProject(projectName).UpdateProfile("default", api.ProfilePut{
req := api.ProfilePut{
Description: "Default Incus profile",
Config: map[string]string{
"raw.idmap": fmt.Sprintf("uid %s %s\ngid %s %s", pw[2], pw[2], pw[3], pw[3]),
},
Devices: map[string]map[string]string{
"root": {
"type": "disk",
Expand All @@ -271,7 +270,45 @@ func serverSetupUser(uid uint32) error {
"network": networkName,
},
},
}, "")
}

// Add uid/gid map if possible.
pwUID, err := strconv.ParseInt(pw[2], 10, 64)
if err != nil {
return err
}

pwGID, err := strconv.ParseInt(pw[3], 10, 64)
if err != nil {
return err
}

idmapset, err := idmap.NewSetFromSystem("", "root")
if err != nil && err != idmap.ErrSubidUnsupported {
return fmt.Errorf("Failed to load system idmap: %w", err)
}

uidValid := false
gidValid := false
if idmapset != nil {
for _, idrange := range idmapset.Entries {
if idrange.IsUID && idrange.HostID <= pwUID && idrange.HostID+idrange.MapRange-1 >= pwUID {
uidValid = true
}

if idrange.IsGID && idrange.HostID <= pwGID && idrange.HostID+idrange.MapRange-1 >= pwGID {
gidValid = true
}
}
}

if idmapset == nil || (uidValid && gidValid) {
req.Config = map[string]string{
"raw.idmap": fmt.Sprintf("uid %d %d\ngid %d %d", pwUID, pwUID, pwGID, pwGID),
}
}

err = client.UseProject(projectName).UpdateProfile("default", req, "")
if err != nil {
return fmt.Errorf("Unable to update the default profile: %w", err)
}
Expand Down

0 comments on commit 39c1cb6

Please sign in to comment.