homed: permit inodes owned by UID_MAPPED_ROOT to be created in $HOME 22774/head
authorLennart Poettering <lennart@poettering.net>
Thu, 17 Mar 2022 14:01:11 +0000 (15:01 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 17 Mar 2022 18:08:12 +0000 (19:08 +0100)
If people use nspawn in their $HOME we should allow inodes owned by
this special UID to be created temporarily, so that UID mapped nspawn
containers just work.

src/home/homework-mount.c

index 35645e292e3873b7ec6e6e88c76ad67b085735e6..3095a10ff9ab75fb3d2c8e937126f17f66c0de1b 100644 (file)
@@ -216,6 +216,12 @@ static int make_userns(uid_t stored_uid, uid_t exposed_uid) {
         if (r < 0)
                 return log_oom();
 
+        /* Map nspawn's mapped root UID as identity mapping so that people can run nspawn uidmap mounted
+         * containers off $HOME, if they want. */
+        r = strextendf(&text, UID_FMT " " UID_FMT " " UID_FMT "\n", UID_MAPPED_ROOT, UID_MAPPED_ROOT, 1);
+        if (r < 0)
+                return log_oom();
+
         /* Leave everything else unmapped, starting from UID_NOBODY itself. Specifically, this means the
          * whole space outside of 16bit remains unmapped */
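Review bot: The added strextendf() call passes a plain `1` for the third UID_FMT conversion, which is a signed int where the format (in systemd, `"%" PRIu32`) expects an unsigned 32-bit value; writing `..., UID_MAPPED_ROOT, UID_MAPPED_ROOT, 1u);` keeps the variadic argument matched to the format. The identity mapping is also written unconditionally. Nothing visible in the hunk rules out stored_uid or exposed_uid being equal to UID_MAPPED_ROOT, in which case this line would presumably overlap an earlier mapping and the kernel would refuse the uid_map write; an assert or explicit check before this line would make that precondition visible, if it is not already enforced earlier in make_userns. The comment could additionally say that inodes owned by this UID can now be stored on the home directory's backing file system, since the commit message calls this temporary but nothing in the hunk enforces cleanup. make_userns starts and continues outside the hunk.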