jail: Configure UID/GID mapping correctly for root
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 3 Aug 2022 09:08:07 +0000 (09:08 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 3 Aug 2022 09:08:07 +0000 (09:08 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/libpakfire/jail.c

index 07f4d4e89837412387f2164c9248b69fccbadbf6..e645da7c0b07179f8e70ef8cbc140753ce282353 100644 (file)
@@ -705,9 +705,21 @@ static int pakfire_jail_setup_uid_mapping(struct pakfire_jail* jail, pid_t pid)
        char path[PATH_MAX];
        int r;
 
-       // XXX hard-coded values
-       const uid_t mapped_uid = 100000;
-       const size_t length = 64536;
+       uid_t mapped_uid = 0;
+       const size_t length = 1;
+
+       // Fetch the UID of the calling process
+       uid_t uid = getuid();
+
+       // Have we been called by root?
+       if (uid == 0) {
+               mapped_uid = 0;
+
+       // Have we been called by an unprivileged user?
+       } else {
+               // XXX fetch SUBUID
+               mapped_uid = uid;
+       }
 
        // Make path
        r = pakfire_string_format(path, "/proc/%d/uid_map", pid);
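Review bot: When the caller is root, `mapped_uid = 0` with `length = 1` maps the jail's root onto the host's real UID 0, whereas the removed values placed it at an unprivileged host UID (100000); a process that gets past the jail's other confinement would then act on host files as root. That trade-off deserves a comment at the `uid == 0` branch, e.g. `// NOTE: root inside the jail is UID 0 on the host; the UID mapping adds no privilege separation here`. Separately, `getuid()` returns the real UID, while the kernel checks a single-line unprivileged uid_map write against the writer's effective UID, so `uid_t uid = geteuid();` is the safer choice if pakfire can ever run with differing real and effective IDs. The same two points apply to `getgid()` and `mapped_gid` in the pakfire_jail_setup_gid_mapping hunk. The function body continues outside the hunk, so the exact line written to uid_map is not visible here.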
@@ -723,9 +735,21 @@ static int pakfire_jail_setup_gid_mapping(struct pakfire_jail* jail, pid_t pid)
        char path[PATH_MAX];
        int r;
 
-       // XXX hard-coded values
-       const uid_t mapped_gid = 100000;
-       const size_t length = 64536;
+       gid_t mapped_gid = 0;
+       const size_t length = 1;
+
+       // Fetch the GID of the calling process
+       gid_t gid = getgid();
+
+       // Have we been called from the root group?
+       if (gid == 0) {
+               mapped_gid = 0;
+
+       // Have we been called by an unprivileged group?
+       } else {
+               // XXX fetch SUBGID
+               mapped_gid = gid;
+       }
 
        // Make path
        r = pakfire_string_format(path, "/proc/%d/gid_map", pid);
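Review bot: The unprivileged branch (`mapped_gid = gid`) needs `/proc/<pid>/setgroups` set to `deny` before gid_map is written, because the kernel otherwise refuses a gid_map write from a process without CAP_SETGID in the parent namespace; no such step is visible in this hunk. The rest of pakfire_jail_setup_gid_mapping lies outside the hunk, so it may already be handled there or in the caller. If it is not, a comment at the `else` branch such as `// XXX unprivileged callers must write "deny" to /proc/<pid>/setgroups first` would record the requirement next to the existing SUBGID marker.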