git.ipfire.org Git - thirdparty/systemd.git/commit

author	Ryan Wilson <ryantimwilson@meta.com>
	Fri, 15 Nov 2024 14:56:05 +0000 (06:56 -0800)
committer	Ryan Wilson <ryantimwilson@meta.com>
	Thu, 5 Dec 2024 18:34:32 +0000 (10:34 -0800)
commit	705cc82938b67fa110f2f6f5d28bfb9ec2f339c0
tree	9cb794b25b8a251595db9d79a689cfef1327a4a5	tree \| snapshot
parent	3cf362f6f57b7d0b5f6b86a49316303b0dda7599	commit \| diff

core: Add PrivateUsers=full

Recently, PrivateUsers=identity was added to support mapping the first
65536 UIDs/GIDs from parent to the child namespace and mapping the other
UID/GIDs to the nobody user.

However, there are use cases where users have UIDs/GIDs > 65536 and need
to do a similar identity mapping. Moreover, in some of those cases, users
want a full identity mapping from 0 -> UID_MAX.

Note to differentiate ourselves from the init user namespace, we need to
set up the uid_map/gid_map like:
```
0 0 1
1 1 UINT32_MAX - 1
```

as the init user namedspace uses `0 0 UINT32_MAX` and some applications -
like systemd itself - determine if its a non-init user namespace based on
uid_map/gid_map files. Note systemd will remove this heuristic in
running_in_userns() in version 258 and uses namespace inode. But some users
may be running a container image with older systemd < 258 so we keep this
hack until version 259.

To support this, we add PrivateUsers=full that does identity mapping for
all available UID/GIDs.

Fixes: #35168

man/systemd.exec.xml		diff \| blob \| blame \| history
src/core/exec-invoke.c		diff \| blob \| blame \| history
src/core/namespace.c		diff \| blob \| blame \| history
src/core/namespace.h		diff \| blob \| blame \| history
test/units/TEST-07-PID1.private-users.sh		diff \| blob \| blame \| history