]> git.ipfire.org Git - thirdparty/util-linux.git/commit
projects / thirdparty / util-linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 83fb8aa) | patch
nsenter: add --preserve-credentials and cleanup setgroups() usage
authorKarel Zak <kzak@redhat.com>
Thu, 8 Jan 2015 11:52:43 +0000 (12:52 +0100)
committerKarel Zak <kzak@redhat.com>
Fri, 9 Jan 2015 09:36:21 +0000 (10:36 +0100)
commite99a6626d6262266f012a20ae69c8e4573ee22fd
tree4b29fc9f9443bcfd55988198438f804a51cdc3b2tree | snapshot
parent83fb8aa53d15dd7ee2c62bffa4fc04f70646650bcommit | diff
nsenter: add --preserve-credentials and cleanup setgroups() usage

The new option --preserve-credentials completely disables all
operations related to UIGs and GIDs.

The patch also calls setgroups() before we enter user namespace (so
root can always clear their groups) and after we enter user namespace
(to detect /proc/self/setgroups "deny"). If both fail then nsenter
complains.

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
sys-utils/nsenter.1 diff | blob | blame | history
sys-utils/nsenter.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.