jail: Use read SUB{U,G}IDs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index 584eae41d4067b0520ec4a5ee0c555de4d9b03e2..16c3fc8c25e1ba74f2d2d2a88a5c47a9b927a856 100644 (file)
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -46,6 +46,7 @@
 #include <pakfire/mount.h>
 #include <pakfire/pakfire.h>
 #include <pakfire/private.h>
+#include <pakfire/pwd.h>
 #include <pakfire/util.h>
 
 #define BUFFER_SIZE      1024 * 64
@@ -882,7 +883,7 @@ static int pakfire_jail_write_uidgid_mapping(struct pakfire_jail* jail,
        }
 
        // Write configuration
-       int bytes_written = fprintf(f, "%d %d %ld\n", 0, mapped_id, length);
+       int bytes_written = fprintf(f, "%d %u %lu\n", 0, mapped_id, length);
        if (bytes_written <= 0) {
                ERROR(jail->pakfire, "Could not write UID/GID mapping: %m\n");
                goto ERROR;
@@ -911,60 +912,48 @@ static int pakfire_jail_setup_uid_mapping(struct pakfire_jail* jail, pid_t pid)
        char path[PATH_MAX];
        int r;
 
-       uid_t mapped_uid = 0;
-       const size_t length = 1;
-
-       // Fetch the UID of the calling process
-       uid_t uid = getuid();
-
-       // Have we been called by root?
-       if (uid == 0) {
-               mapped_uid = 0;
+       // Skip mapping anything when running on /
+       if (pakfire_on_root(jail->pakfire))
+               return 0;
 
-       // Have we been called by an unprivileged user?
-       } else {
-               // XXX fetch SUBUID
-               mapped_uid = uid;
-       }
+       // Fetch SUBUID
+       const struct pakfire_subuid* subuid = pakfire_subuid(jail->pakfire);
+       if (!subuid)
+               return 1;
 
        // Make path
        r = pakfire_string_format(path, "/proc/%d/uid_map", pid);
        if (r < 0)
                return 1;
 
-       DEBUG(jail->pakfire, "Mapping UID range (%u - %lu)\n", mapped_uid, mapped_uid + length);
+       DEBUG(jail->pakfire, "Mapping UID range (%u - %lu)\n",
+               subuid->uid, subuid->uid + subuid->length);
 
-       return pakfire_jail_write_uidgid_mapping(jail, path, mapped_uid, length);
+       return pakfire_jail_write_uidgid_mapping(jail, path, subuid->uid, subuid->length);
 }
 
 static int pakfire_jail_setup_gid_mapping(struct pakfire_jail* jail, pid_t pid) {
        char path[PATH_MAX];
        int r;
 
-       gid_t mapped_gid = 0;
-       const size_t length = 1;
-
-       // Fetch the GID of the calling process
-       gid_t gid = getgid();
-
-       // Have we been called from the root group?
-       if (gid == 0) {
-               mapped_gid = 0;
+       // Skip mapping anything when running on /
+       if (pakfire_on_root(jail->pakfire))
+               return 0;
 
-       // Have we been called by an unprivileged group?
-       } else {
-               // XXX fetch SUBGID
-               mapped_gid = gid;
-       }
+       // Fetch SUBGID
+       const struct pakfire_subgid* subgid = pakfire_subgid(jail->pakfire);
+       if (!subgid)
+               return 1;
 
        // Make path
        r = pakfire_string_format(path, "/proc/%d/gid_map", pid);
        if (r < 0)
                return 1;
 
-       DEBUG(jail->pakfire, "Mapping GID range (%u - %lu)\n", mapped_gid, mapped_gid + length);
+       DEBUG(jail->pakfire, "Mapping GID range (%u - %lu)\n",
+               subgid->gid, subgid->gid + subgid->length);
 
-       return pakfire_jail_write_uidgid_mapping(jail, path, mapped_gid, length);
+       return pakfire_jail_write_uidgid_mapping(jail, path, subgid->gid, subgid->length);
 }
 
 static int pakfire_jail_setgroups(struct pakfire_jail* jail, pid_t pid) {