git.ipfire.org Git - thirdparty/coreutils.git/commit

author	Pádraig Brady <P@draigBrady.com>
	Mon, 3 Mar 2014 01:54:36 +0000 (01:54 +0000)
committer	Pádraig Brady <P@draigBrady.com>
	Thu, 13 Mar 2014 14:07:45 +0000 (14:07 +0000)
commit	e972be3c4b9ee5c00933e80e2756b4601baf66cc
tree	5a2b00bd7b65c9d05192c71ed6bdfad84cedda77	tree \| snapshot
parent	08140ecd48de9a5970992ab284dd11dbd3a0b14d	commit \| diff

chroot: improve --userspec and --groups look-up

- Support arbitrary numbers in --groups, consistent with
  what is already done for --userspec
- Avoid look-ups entirely for --groups items with a leading '+'
- Support names that are actually numbers in --groups
- Ignore an empty --groups="" option for consistency with --userspec
- Look up both inside and outside the chroot with inside taking
  precedence.  The look-up outside may load required libraries
  to complete the look-up inside the chroot.  This can happen for
  example with a 32 bit chroot on a 64 bit system, where the
  32 bit NSS plugins within the chroot fail to load.

* src/chroot.c (parse_additional_groups): A new function refactored
from set_addition_groups(), to just do the parsing.  The actual
setgroups() call is separated out for calling from the chroot later.
(main): Call parse_user_spec() and parse_additional_groups()
both outside and inside the chroot for the reasons outlined above.
* tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs
can be specified without causing look-up errors.
* NEWS: Mention the improvements.
* THANKS.in: Add Norihiro Kamae who initially reported the issue
with a proposed patch.
Also thanks to Dmitry V. Levin for his diagnosis and sample patch.

NEWS		diff \| blob \| blame \| history
THANKS.in		diff \| blob \| blame \| history
doc/coreutils.texi		diff \| blob \| blame \| history
src/chroot.c		diff \| blob \| blame \| history
tests/misc/chroot-credentials.sh		diff \| blob \| blame \| history