From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 3 Aug 2022 09:08:07 +0000 (+0000)
Subject: jail: Configure UID/GID mapping correctly for root
X-Git-Tag: 0.9.28~606
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f7f068bcb23ba557c503898077adba9b083b86c;p=pakfire.git

jail: Configure UID/GID mapping correctly for root

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index 07f4d4e89..e645da7c0 100644
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -705,9 +705,21 @@ static int pakfire_jail_setup_uid_mapping(struct pakfire_jail* jail, pid_t pid)
 	char path[PATH_MAX];
 	int r;
 
-	// XXX hard-coded values
-	const uid_t mapped_uid = 100000;
-	const size_t length = 64536;
+	uid_t mapped_uid = 0;
+	const size_t length = 1;
+
+	// Fetch the UID of the calling process
+	uid_t uid = getuid();
+
+	// Have we been called by root?
+	if (uid == 0) {
+		mapped_uid = 0;
+
+	// Have we been called by an unprivileged user?
+	} else {
+		// XXX fetch SUBUID
+		mapped_uid = uid;
+	}
 
 	// Make path
 	r = pakfire_string_format(path, "/proc/%d/uid_map", pid);
@@ -723,9 +735,21 @@ static int pakfire_jail_setup_gid_mapping(struct pakfire_jail* jail, pid_t pid)
 	char path[PATH_MAX];
 	int r;
 
-	// XXX hard-coded values
-	const uid_t mapped_gid = 100000;
-	const size_t length = 64536;
+	gid_t mapped_gid = 0;
+	const size_t length = 1;
+
+	// Fetch the GID of the calling process
+	gid_t gid = getgid();
+
+	// Have we been called from the root group?
+	if (gid == 0) {
+		mapped_gid = 0;
+
+	// Have we been called by an unprivileged group?
+	} else {
+		// XXX fetch SUBGID
+		mapped_gid = gid;
+	}
 
 	// Make path
 	r = pakfire_string_format(path, "/proc/%d/gid_map", pid);