git.ipfire.org Git - thirdparty/lxc.git/commit

lxc_unshare: Add uid_mapping when creating userns

Change conf.c to export function write_id_mapping, which will now be
called inside main function of lxc_unshare.c.

This is required because setuid syscalls only permits a new userns to
set a new uid if the uid of parameter is mapped inside the ns using
uid_map file[1]. So, just after the clone invocation, map the uid passed as
parameter into the newly created user namespace, and put the current uid
as the ID-outside-ns. After the mapping is done, setuid call succeeds.

Closes: #494
[1] https://elixir.free-electrons.com/linux/latest/source/kernel/user_namespace.c#L286

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>

author	Marcos Paulo de Souza <marcos.souza.org@gmail.com>
	Wed, 29 Nov 2017 01:49:28 +0000 (23:49 -0200)
committer	Marcos Paulo de Souza <marcos.souza.org@gmail.com>
	Fri, 1 Dec 2017 22:28:55 +0000 (20:28 -0200)
commit	344c9d813cf9602fc831483b6407ed276c8f58e9
tree	81f968e6bca4c496cf67d6f4c7e917149815d86c	tree
parent	8410ae3d63959f0a546f7d9eb2571fda77626d17	commit \| diff

src/lxc/conf.c		diff \| blob \| blame \| history
src/lxc/conf.h		diff \| blob \| blame \| history
src/lxc/tools/lxc_unshare.c		diff \| blob \| blame \| history