From d12b91ecbe3f1aea1ef3318c99dd0c8f44786b73 Mon Sep 17 00:00:00 2001
From: Simon Fels
Date: Mon, 20 Jun 2016 08:27:18 +0200
Subject: [PATCH] Take static sub UID/GID ranges for now
---
 src/anbox/container.cpp | 18 +++---------------
 src/anbox/container.h | 14 --------------
 2 files changed, 3 insertions(+), 29 deletions(-)
diff --git a/src/anbox/container.cpp b/src/anbox/container.cpp
index 64401010..790cecd8 100644
--- a/src/anbox/container.cpp
+++ b/src/anbox/container.cpp
@@ -57,27 +57,15 @@ Container::~Container() {
 stop();
 }
-std::vector Container::read_id_mappings() {
- std::vector mappings;
-
- static const std::string subuid_path = "/etc/subuid";
- static const std::string subgid_path = "/etc/subgid";
-
- std::ifstream subuid_file(subuid_path);
-
- return mappings;
-}
-
 void Container::start() {
- DEBUG("uid %d gid %d", getuid(), getgid());
 std::vector args = {
 // We need to setup user mapping here as lxc-usernsexec will not
 // map our current user to root which we need to allow our container
- // to access files we've created.
+ // to access files we've created and mapped into it
 "-m", utils::string_format("u:0:%d:1", getuid()),
 "-m", utils::string_format("g:0:%d:1", getgid()),
- // FIXME(morphis): We need to determine those things dynamically and
- // error out if not subui range is set for our current user.
+ // For all other users inside the container we're using a subuid/
+ // subgid range which is defined on the host.
 "-m", "u:1:100000:100000",
 "-m", "g:1:100000:100000",
 "--",
diff --git a/src/anbox/container.h b/src/anbox/container.h
index 55dddd79..8e12134a 100644
--- a/src/anbox/container.h
+++ b/src/anbox/container.h
@@ -56,20 +56,6 @@ public:
 private:
 Container(const Container::Spec &spec);
- struct IdMapping {
- enum class Type {
- UID,
- GID
- };
-
- Type type;
- int hostid;
- int nsid;
- int range;
- };
-
- std::vector read_id_mappings();
-
 Spec spec_;
 core::posix::ChildProcess child_;
 core::posix::ProcessGroup child_group_;
--
GitLab
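Review bot: The new comment above the `"-m", "u:1:100000:100000"` and `"-m", "g:1:100000:100000"` arguments in Container::start() states that the subuid/subgid range "is defined on the host", but nothing in the visible code checks that, and the removed FIXME was the only record that the range is an unverified assumption. If the host delegates a different range to the calling user, or none at all, the mapping will presumably be rejected when the user namespace is set up, and the failure will surface far from its cause. I would keep the caveat in the comment, e.g. `// NOTE: assumes /etc/subuid and /etc/subgid delegate 100000:100000 to the calling user; not verified here.`, until a pre-flight check that errors out with a clear message is added. The body of start() continues past the end of the hunk.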