From: Michael Tremer
Date: Wed, 3 Aug 2022 09:08:07 +0000 (+0000)
Subject: jail: Configure UID/GID mapping correctly for root
X-Git-Tag: 0.9.28~606
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f7f068bcb23ba557c503898077adba9b083b86c;p=pakfire.git

jail: Configure UID/GID mapping correctly for root

Signed-off-by: Michael Tremer
---

diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index 07f4d4e89..e645da7c0 100644
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -705,9 +705,21 @@ static int pakfire_jail_setup_uid_mapping(struct pakfire_jail* jail, pid_t pid)
 char path[PATH_MAX];
 int r;

- // XXX hard-coded values
- const uid_t mapped_uid = 100000;
- const size_t length = 64536;
+ uid_t mapped_uid = 0;
+ const size_t length = 1;
+
+ // Fetch the UID of the calling process
+ uid_t uid = getuid();
+
+ // Have we been called by root?
+ if (uid == 0) {
+ mapped_uid = 0;
+
+ // Have we been called by an unprivileged user?
+ } else {
+ // XXX fetch SUBUID
+ mapped_uid = uid;
+ }

 // Make path
 r = pakfire_string_format(path, "/proc/%d/uid_map", pid);
@@ -723,9 +735,21 @@ static int pakfire_jail_setup_gid_mapping(struct pakfire_jail* jail, pid_t pid)
 char path[PATH_MAX];
 int r;

- // XXX hard-coded values
- const uid_t mapped_gid = 100000;
- const size_t length = 64536;
+ gid_t mapped_gid = 0;
+ const size_t length = 1;
+
+ // Fetch the GID of the calling process
+ gid_t gid = getgid();
+
+ // Have we been called from the root group?
+ if (gid == 0) {
+ mapped_gid = 0;
+
+ // Have we been called by an unprivileged group?
+ } else {
+ // XXX fetch SUBGID
+ mapped_gid = gid;
+ }

 // Make path
 r = pakfire_string_format(path, "/proc/%d/gid_map", pid);
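Review bot: In the `uid == 0` branch of pakfire_jail_setup_uid_mapping, and the matching `gid == 0` branch in the gid_map hunk, the mapping becomes the identity 0→0, so a process that is root inside the jail keeps host UID/GID 0 for file-ownership checks instead of landing in the unprivileged 100000 range the removed lines used. That trade-off deserves a comment at the branch, e.g. `// Identity-map root: jail UID 0 is host UID 0, so the user namespace does not reduce file-ownership privileges here`. With `length = 1` every other ID inside the jail stays unmapped, presumably until the `XXX fetch SUBUID` / `XXX fetch SUBGID` work lands, and the `= 0` initialisers make the `mapped_uid = 0;` and `mapped_gid = 0;` assignments redundant. For the unprivileged path in the gid hunk, the kernel accepts a gid_map write from a process without CAP_SETGID in the parent namespace only after `deny` has been written to `/proc/<pid>/setgroups`; the write itself is outside both hunks, so confirm that step exists. Both function bodies start and end outside their hunks.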