From: Michael Tremer Date: Fri, 1 Sep 2023 14:23:53 +0000 (+0000) Subject: pwd: Set maximum range for SUBUID/SUBGIDs by default X-Git-Tag: 0.9.29~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9eef0cb603bc51a5b34f042fced6e4d0bfa8d9d8;p=pakfire.git pwd: Set maximum range for SUBUID/SUBGIDs by default This allows us to continue even if we cannot read anything from /etc/subuid or /etc/subgid. Signed-off-by: Michael Tremer --- diff --git a/src/libpakfire/pakfire.c b/src/libpakfire/pakfire.c index a4ab9f9cb..7406f0178 100644 --- a/src/libpakfire/pakfire.c +++ b/src/libpakfire/pakfire.c @@ -783,7 +783,7 @@ static int pakfire_setup_user(struct pakfire* pakfire) { goto ERROR; // Store UID - pakfire->user.uid = uid; + pakfire->user.uid = pakfire->user.subuids.id = uid; // Store username r = pakfire_string_set(pakfire->user.name, user.pw_name); @@ -801,13 +801,26 @@ static int pakfire_setup_user(struct pakfire* pakfire) { goto ERROR; // Store GID - pakfire->group.gid = gid; + pakfire->group.gid = pakfire->group.subgids.id = gid; // Store name r = pakfire_string_set(pakfire->group.name, group.gr_name); if (r) goto ERROR; + /* + Set default ranges for SUBUID/SUBGID + + For root, we set the entire range, but for unprivileged users, + we can only map our own UID/GID. This may later be overwritten + from /etc/sub{u,g}id. + */ + if (uid == 0) + pakfire->user.subuids.length = pakfire->group.subgids.length = 0xffffffff - 1; + else + pakfire->user.subuids.length = pakfire->group.subgids.length = 1; + + // Read SUBUID/SUBGIDs from file if (!pakfire_on_root(pakfire)) { // Fetch SUBUIDs r = pakfire_getsubuid(pakfire, pakfire->user.name, &pakfire->user.subuids);