LXC: sort the uidmap/gidmap of domain

Make sure the mapping line contains the root user of container
is the first element of idmap array. So we can get the real
user id on host for the container easily.

This patch also check the map information, User must map
the root user of container to any user of host.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5f1f3d71df5d4f95de2a0b63045cf475e90c01d6..21ffc8faf5f5149d11be725d9f8f39e52ee5d572 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -10225,6 +10225,19 @@ cleanup:
 }
 
 
+static int virDomainIdMapEntrySort(const void *a, const void *b)
+{
+    const virDomainIdMapEntryPtr entrya = (const virDomainIdMapEntryPtr) a;
+    const virDomainIdMapEntryPtr entryb = (const virDomainIdMapEntryPtr) b;
+
+    if (entrya->start > entryb->start)
+        return 1;
+    else if (entrya->start < entryb->start)
+        return -1;
+    else
+        return 0;
+}
+
 /* Parse the XML definition for user namespace id map.
  *
  * idmap has the form of
@@ -10256,6 +10269,17 @@ virDomainIdmapDefParseXML(xmlXPathContextPtr ctxt,
         }
     }
 
+    qsort(idmap, num, sizeof(idmap[0]), virDomainIdMapEntrySort);
+
+    if (idmap[0].start != 0) {
+        /* Root user of container hasn't been mapped to any user of host,
+         * return error. */
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("You must map the root user of container"));
+        VIR_FREE(idmap);
+        goto cleanup;
+    }
+
 cleanup:
     ctxt->node = save_ctxt;
     return idmap;