From: Karel Zak
Date: Wed, 17 Dec 2025 11:47:16 +0000 (+0100)
Subject: Merge branch 'unshare/userowner' of https://github.com/arachsys-prs/util-linux
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cddf56c10c7f0959c17bcf64267894dd7dbacb1f;p=thirdparty%2Futil-linux.git
Merge branch 'unshare/userowner' of https://github.com/arachsys-prs/util-linux
* 'unshare/userowner' of https://github.com/arachsys-prs/util-linux:
unshare: add --owner to set user namespace owner uid and gid
Signed-off-by: Karel Zak
---
cddf56c10c7f0959c17bcf64267894dd7dbacb1f
diff --cc sys-utils/unshare.c
index d40037752,ebc598875..6f82461b8
--- a/sys-utils/unshare.c
+++ b/sys-utils/unshare.c
@@@ -1059,12 -1093,28 +1062,28 @@@ int main(int argc, char *argv[]
 /* clear any inherited settings */
 signal(SIGCHLD, SIG_DFL);
- if (npersists && (unshare_flags & CLONE_NEWNS))
+ if (npersists && (unshare_flags & (CLONE_NEWNS | CLONE_NEWUSER)))
 pid_bind = bind_ns_files_from_child(&fd_bind);
+ if (usermap || (mapuser != (uid_t) -1 && owneruser != (uid_t) -1)) {
+ add_single_map_range(&usermap, real_euid, mapuser);
+ mapuser = -1;
+ }
+ if (groupmap || (mapgroup != (uid_t) -1 && ownergroup != (uid_t) -1)) {
+ add_single_map_range(&groupmap, real_egid, mapgroup);
+ mapgroup = -1;
+ }
 if (usermap || groupmap)
- pid_idmap = map_ids_from_child(&fd_idmap, mapuser, usermap,
- mapgroup, groupmap);
+ pid_idmap = map_ids_from_child(&fd_idmap, usermap, groupmap);
+ if (ownergroup != (gid_t) -1 && setgroups(0, NULL) != 0)
+ err(EXIT_FAILURE, _("setgroups failed"));
+ if (ownergroup != (gid_t) -1 && setgid(ownergroup) != 0)
+ err(EXIT_FAILURE, _("setgid() failed"));
+ if (owneruser != (uid_t) -1 && setuid(owneruser) != 0)
+ err(EXIT_FAILURE, _("setuid() failed"));
 if (-1 == unshare(unshare_flags))
 err(EXIT_FAILURE, _("unshare failed"));
@@@ -1175,14 -1225,14 +1194,14 @@@
 #endif
 }
- if (mapuser != MAX_OF_UINT_TYPE(uid_t) && !usermap)
- if (mapuser != (uid_t) -1)
++ if (mapuser != MAX_OF_UINT_TYPE(uid_t))
 map_id(_PATH_PROC_UIDMAP, mapuser, real_euid);
 /* Since Linux 3.19 unprivileged writing of /proc/self/gid_map
 * has been disabled unless /proc/self/setgroups is written
 * first to permanently disable the ability to call setgroups
 * in that user namespace. */
- if (mapgroup != MAX_OF_UINT_TYPE(gid_t) && !groupmap) {
- if (mapgroup != (gid_t) -1) {
++ if (mapgroup != MAX_OF_UINT_TYPE(gid_t)) {
 if (setgrpcmd == SETGROUPS_ALLOW)
 errx(EXIT_FAILURE, _("options --setgroups=allow and "
 "--map-group are mutually exclusive"));
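Review bot: The new mapping block in the first hunk compares `mapgroup` against `(uid_t) -1` while the setgid guard a few lines below uses `(gid_t) -1`, and the merge resolution in the second hunk settles on `MAX_OF_UINT_TYPE(uid_t)` / `MAX_OF_UINT_TYPE(gid_t)` for the same sentinels, so the merged file now spells the "unset" value three ways. This is harmless on Linux where both types are unsigned int, but the stale `(uid_t)` cast on a gid reads as a bug and the mixed spelling defeats the point of the macro. Suggest `if (groupmap || (mapgroup != MAX_OF_UINT_TYPE(gid_t) && ownergroup != MAX_OF_UINT_TYPE(gid_t))) {` and the matching `MAX_OF_UINT_TYPE(uid_t)` form for the `mapuser`/`owneruser` test and the three setgroups/setgid/setuid guards. Separately, `setgroups(0, NULL)` runs only when `ownergroup` is set, so `--owner` with a uid alone changes the uid but keeps the caller's supplementary groups; if that is intended, a one-line comment such as `/* supplementary groups are dropped only when an owner gid is given */` above the setgroups check would save the next reader the question. main() begins and ends outside both hunks.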