From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 28 May 2017 22:15:08 +0000 (+0200)
Subject: conf: allow writing uid mappings with euid != 0
X-Git-Tag: lxc-2.1.0~108^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99d43365370351bf0fbb1ae183500d823988175a;p=thirdparty%2Flxc.git

conf: allow writing uid mappings with euid != 0

In case unprivileged users run containers via execute() or a start*() there are
valid cases where they may only want to map their own {g,u}id. Let's not block
them from doing so by requiring geteuid() == 0.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 35501ee4d..f0f7253f9 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3486,7 +3486,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 	enum idtype type;
 	char u_or_g;
 	char *pos;
-	int euid, fill, left;
+	int fill, left;
 	char cmd_output[MAXPATHLEN];
 	/* strlen("new@idmap") = 9
 	 * +
@@ -3503,8 +3503,6 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 	int ret = 0, uidmap = 0, gidmap = 0;
 	bool use_shadow = false, had_entry = false;
 
-	euid = geteuid();
-
 	/* If new{g,u}idmap exists, that is, if shadow is handing out subuid
 	 * ranges, then insist that root also reserve ranges in subuid. This
 	 * will protected it by preventing another user from being handed the
@@ -3515,15 +3513,14 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 	if (uidmap > 0 && gidmap > 0) {
 		DEBUG("Functional newuidmap and newgidmap binary found.");
 		use_shadow = true;
-	} else if (uidmap == -ENOENT && gidmap == -ENOENT && !euid) {
-		DEBUG("No newuidmap and newgidmap binary found. Trying to "
-		      "write directly with euid 0.");
-		use_shadow = false;
 	} else {
-		DEBUG("Either one or both of the newuidmap and newgidmap "
-		      "binaries do not exist or are missing necessary "
-		      "privilege.");
-		return -1;
+		/* In case unprivileged users run application containers via
+		 * execute() or a start*() there are valid cases where they may
+		 * only want to map their own {g,u}id. Let's not block them from
+		 * doing so by requiring geteuid() == 0.
+		 */
+		DEBUG("No newuidmap and newgidmap binary found. Trying to "
+		      "write directly with euid %d.", geteuid());
 	}
 
 	for (type = ID_TYPE_UID, u_or_g = 'u'; type <= ID_TYPE_GID;