lxc_unshare -u argument useful even with USER namespace shared
authorSeth Robertson <srobertson@appcomsci.com>
Wed, 4 Dec 2013 05:24:08 +0000 (00:24 -0500)
committerSerge Hallyn <serge.hallyn@ubuntu.com>
Wed, 15 Jan 2014 21:42:29 +0000 (15:42 -0600)
Signed-off-by: Seth Robertson <srobertson@appcomsci.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
doc/lxc-unshare.sgml.in
src/lxc/lxc_unshare.c

index a812eb9653e53e41cff154dad64a83898d09f66a..9d3be22edfa0058daf19453dc30f7d32ff4125e7 100644 (file)
@@ -51,7 +51,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
     <cmdsynopsis>
       <command>lxc-unshare</command>
       <arg choice="req">-s <replaceable>namespaces</replaceable></arg>
-      <arg choice="req">-u <replaceable>user</replaceable></arg>
+      <arg choice="opt">-u <replaceable>user</replaceable></arg>
       <arg choice="req">command</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -100,8 +100,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
        </term>
        <listitem>
          <para>
-           Specify a user which the new task should become.  This option is
-           only valid if a user namespace is unshared.
+           Specify a userid which the new task should become.
          </para>
        </listitem>
       </varlistentry>
index 827aa913178d491e3b1936ff1d7adb18668adf24..4c82e9e8d740eacf5272e70e3fd983096035de10 100644 (file)
@@ -97,7 +97,8 @@ static int do_start(void *arg)
        int flags = *start_arg->flags;
        uid_t uid = *start_arg->uid;
 
-       if (flags & CLONE_NEWUSER && setuid(uid)) {
+       // Setuid is useful even without a new user id space
+       if ( uid >= 0 && setuid(uid)) {
                ERROR("failed to set uid %d: %s", uid, strerror(errno));
                exit(1);
        }
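Review bot: The new guard `uid >= 0` in do_start is always true, because `uid` is declared `uid_t` two lines above and that type is unsigned on Linux/glibc, so setuid() is now called even when -u was not given. The check removed from main compares `uid != -1`, which suggests -1 is the "unset" sentinel; if so, every run without -u would attempt `setuid((uid_t)-1)` and exit on the failure. Compare against the sentinel explicitly: `if (uid != (uid_t)-1 && setuid(uid)) {`. Because -u now acts as a general privilege change rather than a step tied to a new user namespace, it is also worth confirming whether the gid and supplementary groups should be changed before setuid(), since this hunk leaves them as inherited. do_start's body continues outside the hunk.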
@@ -153,8 +154,6 @@ int main(int argc, char *argv[])
        if (ret)
                usage(argv[0]);
 
-       if (!(flags & CLONE_NEWUSER) && uid != -1) {
-               ERROR("-u <uid> needs -s USER option");
                return 1;
        }