From: Lennart Poettering
Date: Tue, 14 Mar 2023 21:36:35 +0000 (+0100)
Subject: namespace-util: add detach_mount_namespace_userns()
X-Git-Tag: v256-rc1~283^2~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ad2f0c89e19d3c5af1ef002ade44910b8297006;p=thirdparty%2Fsystemd.git
namespace-util: add detach_mount_namespace_userns()
---
diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
index 347a4ac80a7..53633c7e8f9 100644
--- a/src/basic/namespace-util.c
+++ b/src/basic/namespace-util.c
@@ -262,6 +262,21 @@ int detach_mount_namespace_harder(uid_t target_uid, gid_t target_gid) {
 return detach_mount_namespace();
 }
+int detach_mount_namespace_userns(int userns_fd) {
+ int r;
+
+ assert(userns_fd >= 0);
+
+ if (setns(userns_fd, CLONE_NEWUSER) < 0)
+ return log_debug_errno(errno, "Failed to join user namespace: %m");
+
+ r = reset_uid_gid();
+ if (r < 0)
+ return log_debug_errno(r, "Failed to become root in user namespace: %m");
+
+ return detach_mount_namespace();
+}
+
 int userns_acquire_empty(void) {
 _cleanup_(sigkill_waitp) pid_t pid = 0;
 _cleanup_close_ int userns_fd = -EBADF;
diff --git a/src/basic/namespace-util.h b/src/basic/namespace-util.h
index a15e262edf1..e7cf1a22012 100644
--- a/src/basic/namespace-util.h
+++ b/src/basic/namespace-util.h
@@ -35,6 +35,7 @@ int fd_is_ns(int fd, unsigned long nsflag);
 int detach_mount_namespace(void);
 int detach_mount_namespace_harder(uid_t target_uid, gid_t target_gid);
+int detach_mount_namespace_userns(int userns_fd);
 static inline bool userns_shift_range_valid(uid_t shift, uid_t range) {
 /* Checks that the specified userns range makes sense, i.e. contains at least one UID, and the end
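Review bot: detach_mount_namespace_userns() in src/basic/namespace-util.c has no comment telling callers that an error return can leave the process half-transitioned. Once `setns(userns_fd, CLONE_NEWUSER)` succeeds the process is already inside the target user namespace, and a later failure from `reset_uid_gid()` or `detach_mount_namespace()` returns with no way back. I would add above the function `/* Joins the user namespace, becomes root in it, then detaches the mount namespace. Irreversible: on error the caller may already be inside the user namespace and should exit rather than continue. */`. The comment could also say that the kernel refuses setns() with CLONE_NEWUSER for a multithreaded process, so this is presumably meant for a freshly forked child; the callers are outside this diff, so that is an assumption to confirm.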