From 9eef0cb603bc51a5b34f042fced6e4d0bfa8d9d8 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 1 Sep 2023 14:23:53 +0000 Subject: [PATCH] pwd: Set maximum range for SUBUID/SUBGIDs by default This allows us to continue even if we cannot read anything from /etc/subuid or /etc/subgid. Signed-off-by: Michael Tremer --- src/libpakfire/pakfire.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/libpakfire/pakfire.c b/src/libpakfire/pakfire.c index a4ab9f9cb..7406f0178 100644 --- a/src/libpakfire/pakfire.c +++ b/src/libpakfire/pakfire.c @@ -783,7 +783,7 @@ static int pakfire_setup_user(struct pakfire* pakfire) { goto ERROR; // Store UID - pakfire->user.uid = uid; + pakfire->user.uid = pakfire->user.subuids.id = uid; // Store username r = pakfire_string_set(pakfire->user.name, user.pw_name); @@ -801,13 +801,26 @@ static int pakfire_setup_user(struct pakfire* pakfire) { goto ERROR; // Store GID - pakfire->group.gid = gid; + pakfire->group.gid = pakfire->group.subgids.id = gid; // Store name r = pakfire_string_set(pakfire->group.name, group.gr_name); if (r) goto ERROR; + /* + Set default ranges for SUBUID/SUBGID + + For root, we set the entire range, but for unprivileged users, + we can only map our own UID/GID. This may later be overwritten + from /etc/sub{u,g}id. + */ + if (uid == 0) + pakfire->user.subuids.length = pakfire->group.subgids.length = 0xffffffff - 1; + else + pakfire->user.subuids.length = pakfire->group.subgids.length = 1; + + // Read SUBUID/SUBGIDs from file if (!pakfire_on_root(pakfire)) { // Fetch SUBUIDs r = pakfire_getsubuid(pakfire, pakfire->user.name, &pakfire->user.subuids); -- 2.39.5