Merge pull request #12718 from mihalicyn/lxc_file_push_raw_idmap_fix

shared/idmap: handle "both" idmappings in raw.idmap properly

shared/idmap/idmapset_linux.go

@@ -421,8 +421,38 @@ var ErrHostIdIsSubId = fmt.Errorf("Host id is in the range of subids")
  * new idmap intersects with in the process.
  */
 func (m *IdmapSet) AddSafe(i IdmapEntry) error {
+	/*
+	 * doAddSafe() can't properly handle mappings that
+	 * both UID and GID, because in this case the "i" idmapping
+	 * will be inserted twice which may result to a further bugs and issues.
+	 * Simplest solution is to split a "both" mapping into two separate ones
+	 * one for UIDs and another one for GIDs.
+	 */
+	newUidIdmapEntry := i
+	newUidIdmapEntry.Isgid = false
+	err := m.doAddSafe(newUidIdmapEntry)
+	if err != nil {
+		return err
+	}
+
+	newGidIdmapEntry := i
+	newGidIdmapEntry.Isuid = false
+	err = m.doAddSafe(newGidIdmapEntry)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdmapSet) doAddSafe(i IdmapEntry) error {
 	result := []IdmapEntry{}
 	added := false
+
+	if !i.Isuid && !i.Isgid {
+		return nil
+	}
+
 	for _, e := range m.Idmap {
 		if !e.Intersects(i) {
 			result = append(result, e)

test/suites/idmap.sh

@@ -229,4 +229,25 @@ EOF
   [ "$(stat -c '%u:%g' "/proc/${PID}/root/d")" = "$((UID_BASE+29)):$((GID_BASE+29))" ]
 
   lxc delete idmap --force
+
+  # Respawn LXD with kernel ID shifting support disabled to force manual shifting.
+  shutdown_lxd "${LXD_DIR}"
+  lxdIdmappedMountsDisable=${LXD_IDMAPPED_MOUNTS_DISABLE:-}
+
+  export LXD_IDMAPPED_MOUNTS_DISABLE=1
+  respawn_lxd "${LXD_DIR}" true
+
+  lxc launch testimage c1 -c raw.idmap="both 1000 1000"
+  lxc stop c1 --force
+  TEST_FILE="${TEST_DIR}/raw_idmap_test_file"
+  touch "${TEST_FILE}"
+  lxc file push "${TEST_FILE}" c1/root/
+  rm -f "${TEST_FILE}"
+  lxc delete c1
+
+  # Respawn LXD to restore default kernel shifting support.
+  shutdown_lxd "${LXD_DIR}"
+  export LXD_IDMAPPED_MOUNTS_DISABLE="${lxdIdmappedMountsDisable}"
+
+  respawn_lxd "${LXD_DIR}" true
 }