homed: when using id mapping on the home dirs, also do an identity mapping for the...
author Lennart Poettering <lennart@poettering.net>
Tue, 15 Feb 2022 17:22:37 +0000 (18:22 +0100)
committer Lennart Poettering <lennart@poettering.net>
Wed, 16 Feb 2022 12:37:01 +0000 (13:37 +0100)
Apparently people really want to put high UIDs in their homedirs. Let's
add some minimal support for that.

Further discussion: https://github.com/systemd/systemd/pull/22239#issuecomment-1040421552

Inspired by, based on, and replacing #22239 by Christian Brauner.

src/home/homework-mount.c

index 0b028dad37690accc33095bc0314b05ced0e13e2..35645e292e3873b7ec6e6e88c76ad67b085735e6 100644 (file)
@@ -209,6 +209,13 @@ static int make_userns(uid_t stored_uid, uid_t exposed_uid) {
         if (r < 0)
                 return log_oom();
 
+        /* Also map the container range. People can use that to place containers owned by high UIDs in their
+         * home directories if they really want. We won't manage this UID range for them but pass it through
+         * 1:1, and it will lose its meaning once migrated between hosts. */
+        r = append_identity_range(&text, CONTAINER_UID_BASE_MIN, CONTAINER_UID_BASE_MAX+1, stored_uid);
+        if (r < 0)
+                return log_oom();
+
         /* Leave everything else unmapped, starting from UID_NOBODY itself. Specifically, this means the
          * whole space outside of 16bit remains unmapped */
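Review bot: The upper bound passed to append_identity_range() in the added block, CONTAINER_UID_BASE_MAX+1, reads by its name as one past the highest container base rather than one past the highest UID a container can own. If a container whose base sits at CONTAINER_UID_BASE_MAX uses UIDs above that base, those UIDs would fall into the "everything else unmapped" region described in the following comment. Please confirm the intended end of the range and say in the new comment whether the end argument is exclusive. The comment also does not explain why stored_uid is passed to the call; a short clause on what happens when stored_uid falls inside the container range would help the next reader. Finally, the caveat that the range is passed through 1:1 and "will lose its meaning once migrated between hosts" is only in this code comment; since ownership of files in that range then depends on the destination host's UID allocation, it deserves a sentence in the user-facing documentation as well.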