git.ipfire.org Git - thirdparty/systemd.git/commit
nspawn: Drop CAP_NET_BIND_SERVICE if in userns with identity mapping
author Daan De Meyer <daan.j.demeyer@gmail.com>
Tue, 26 Aug 2025 10:35:58 +0000 (12:35 +0200)
committer Daan De Meyer <daan.j.demeyer@gmail.com>
Fri, 5 Sep 2025 06:24:39 +0000 (08:24 +0200)
commit 945e1fd37b66ae3b1732b8fbcc247050c5141b85
tree 1ed40095552c664840ef1d5c912af039325efac8
parent f70754b34f8cce624beeb833d1b58a59896e81cf
nspawn: Drop CAP_NET_BIND_SERVICE if in userns with identity mapping

Even if there's no uid shift, we still won't be able to bind to privileged
ports in the host network namespace, so drop the capability regardless of
whether we have a uid shift or not.
src/nspawn/nspawn.c
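
The rule in the commit message, as an added example that is not taken from src/nspawn/nspawn.c or any other systemd code: it classifies the text of a `uid_map` file and clears CAP_NET_BIND_SERVICE from a capability mask unless the process is in the initial user namespace. The function names, the enum and the sample maps are hypothetical and constructed for illustration; the example assumes the payload shares the host network namespace.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CAP_NET_BIND_SERVICE_BIT 10 /* CAP_NET_BIND_SERVICE in <linux/capability.h> */

/* Hypothetical classification used only by this example. */
enum userns_kind { USERNS_INVALID, USERNS_INITIAL, USERNS_IDENTITY, USERNS_SHIFTED };

/* Classify uid_map text; each line is "inside outside count". */
enum userns_kind classify_uid_map(const char *map) {
    unsigned long inside, outside, count;
    int consumed, lines = 0;
    bool identity = true, full = false;

    while (sscanf(map, " %lu %lu %lu%n", &inside, &outside, &count, &consumed) == 3) {
        lines++;
        if (inside != outside)
            identity = false;
        /* The initial user namespace maps the whole 32-bit range onto itself. */
        full = inside == 0 && outside == 0 && count == UINT32_MAX;
        map += consumed;
    }
    if (lines == 0)
        return USERNS_INVALID;
    if (lines == 1 && full)
        return USERNS_INITIAL;
    return identity ? USERNS_IDENTITY : USERNS_SHIFTED;
}

/* Capability mask to retain when the payload shares the host network namespace.
 * The kernel checks privileged-port binds against the user namespace that owns
 * the network namespace, so the bit is only useful in the initial one.
 * An unparsable map also loses the bit (fail closed). */
uint64_t retained_caps(uint64_t caps, enum userns_kind kind) {
    if (kind != USERNS_INITIAL)
        caps &= ~(UINT64_C(1) << CAP_NET_BIND_SERVICE_BIT);
    return caps;
}

int main(void) {
    /* Constructed sample uid_map contents, not read from a live system. */
    const char *samples[] = { "0 0 4294967295\n", "0 0 65536\n", "0 1000000 65536\n" };
    for (size_t i = 0; i < 3; i++) {
        enum userns_kind k = classify_uid_map(samples[i]);
        printf("sample %zu: kind=%d caps=%#llx\n", i, (int) k,
               (unsigned long long) retained_caps(UINT64_C(0x400), k));
    }
    return 0;
}
```

The second sample is the case the commit addresses: inside and outside IDs are equal, yet the bit is still cleared because the namespace is not the initial one.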