namespace-util: add detach_mount_namespace_userns()

diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
index 347a4ac80a7b76361c11a59746413d48bcf09c8c..53633c7e8f98f97c5ccfb86e987876dec97588f1 100644 (file)
--- a/src/basic/namespace-util.c
+++ b/src/basic/namespace-util.c
@@ -262,6 +262,21 @@ int detach_mount_namespace_harder(uid_t target_uid, gid_t target_gid) {
         return detach_mount_namespace();
 }
 
+int detach_mount_namespace_userns(int userns_fd) {
+        int r;
+
+        assert(userns_fd >= 0);
+
+        if (setns(userns_fd, CLONE_NEWUSER) < 0)
+                return log_debug_errno(errno, "Failed to join user namespace: %m");
+
+        r = reset_uid_gid();
+        if (r < 0)
+                return log_debug_errno(r, "Failed to become root in user namespace: %m");
+
+        return detach_mount_namespace();
+}
+
 int userns_acquire_empty(void) {
         _cleanup_(sigkill_waitp) pid_t pid = 0;
         _cleanup_close_ int userns_fd = -EBADF;

diff --git a/src/basic/namespace-util.h b/src/basic/namespace-util.h
index a15e262edf179ec3c3c3079489b6472f5d5490b6..e7cf1a2201254a24f27322496479273c15bf0fbb 100644 (file)
--- a/src/basic/namespace-util.h
+++ b/src/basic/namespace-util.h
@@ -35,6 +35,7 @@ int fd_is_ns(int fd, unsigned long nsflag);
 
 int detach_mount_namespace(void);
 int detach_mount_namespace_harder(uid_t target_uid, gid_t target_gid);
+int detach_mount_namespace_userns(int userns_fd);
 
 static inline bool userns_shift_range_valid(uid_t shift, uid_t range) {
         /* Checks that the specified userns range makes sense, i.e. contains at least one UID, and the end