[Toybox] [PATCH] unshare: fix -r

Rob Landley rob at landley.net
Sun Apr 12 14:11:20 PDT 2015


On Sun, Apr 12, 2015 at 1:52 PM, Samuel Holland <samuel at sholland.net> wrote:
> Calling unshare(2) immediately puts us in the new namespace
> with the "overflow" user and group ID. By calling geteuid()
> and getegid() in handle_r() after calling unshare(), we try
> to map that to root, which Linux refuses to let us do.
>
> What we really want to map to root is the caller's uid/gid
> in the original namespace. So we have to save them before
> calling unshare().

Applied, but I'm curious why open("setgroups") is ignoring errors (but
doing xwrite() if the open succeeds) but write_ugid_map() is xopen().
Do some kernels not have setgroups and that's ok, but everything needs
uid_map and gid_map or this command can't perform its functions?

(It seems like this code could be collated and possibly moved to
lib... if the users agreed on error handling semantics. Which is a
more general problem: )

Rob

P.S: I hate git because of crap like:
  $ git log lib --stat
  fatal: bad flag '--stat' used after filename
  $ git log --stat lib
  [ works fine ]

There is simply no excuse for that.
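
The ordering the quoted commit message describes, as an added example that is not from this thread or from toybox's source: the caller's IDs are read before unshare(2), a missing setgroups file is tolerated because that file only exists from Linux 3.19 on, and uid_map and gid_map are treated as mandatory. The names format_id_map, write_proc and map_self_to_root are made up for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* One map line: ID `inside` in the new namespace maps to ID `outside`. */
int format_id_map(char *buf, size_t len, unsigned inside, unsigned outside)
{
  int n = snprintf(buf, len, "%u %u 1\n", inside, outside);
  return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Write data to a /proc file; a missing file is OK only if optional is set. */
static int write_proc(const char *path, const char *data, int optional)
{
  int fd = open(path, O_WRONLY), rc = 0;
  size_t len = strlen(data);
  if (fd < 0) return (optional && errno == ENOENT) ? 0 : -1;
  if (write(fd, data, len) != (ssize_t)len) rc = -1;
  close(fd);
  return rc;
}

/* Returns 0 on success, -1 on failure (errno is set by the failing call). */
int map_self_to_root(void)
{
  char map[32];
  /* Must be read BEFORE unshare(): afterwards these are the overflow IDs. */
  uid_t uid = geteuid();
  gid_t gid = getegid();
  if (unshare(CLONE_NEWUSER)) return -1;
  /* An unprivileged gid_map write requires setgroups to be "deny" first. */
  if (write_proc("/proc/self/setgroups", "deny", 1)) return -1;
  if (format_id_map(map, sizeof(map), 0, uid) < 0
      || write_proc("/proc/self/uid_map", map, 0)) return -1;
  if (format_id_map(map, sizeof(map), 0, gid) < 0
      || write_proc("/proc/self/gid_map", map, 0)) return -1;
  return 0;
}

int main(void)
{
  if (map_self_to_root()) { perror("map_self_to_root"); return 1; }
  printf("uid=%u gid=%u\n", (unsigned)geteuid(), (unsigned)getegid());
  return 0;
}
```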
