[Toybox] [PATCH] unshare: fix -r

Andy Lutomirski luto at amacapital.net
Sun Apr 12 14:25:19 PDT 2015


On Sun, Apr 12, 2015 at 2:11 PM, Rob Landley <rob at landley.net> wrote:
> On Sun, Apr 12, 2015 at 1:52 PM, Samuel Holland <samuel at sholland.net> wrote:
>> Calling unshare(2) immediately puts us in the new namespace
>> with the "overflow" user and group ID. By calling geteuid()
>> and getegid() in handle_r() after calling unshare(), we try
>> to map that to root, which Linux refuses to let us do.
>>
>> What we really want to map to root is the caller's uid/gid
>> in the original namespace. So we have to save them before
>> calling unshare().
>
> Applied, but I'm curious why open("setgroups") is ignoring errors (but
> doing xwrite() if the open succeeds) but write_ugid_map() is xopen().
> Do some kernels not have setgroups and that's ok, but everything needs
> uid_map and gid_map or this command can't perform its functions?

Exactly.  There are lots of kernels without setgroups, and the correct
behavior on those kernels is to ignore the missing setgroups file.

>
> (It seems like this code could be collated and possibly moved to
> lib... if the users agreed on error handling semantics. Which is a
> more general problem: )
>
> Rob
>
> P.S: I hate git because of crap like:
>   $ git log lib --stat
>   fatal: bad flag '--stat' used after filename
>   $ git log --stat lib
>   [ works fine ]
>
> There is simply no excuse for that.
> _______________________________________________
> Toybox mailing list
> Toybox at lists.landley.net
> http://lists.landley.net/listinfo.cgi/toybox-landley.net



-- 
Andy Lutomirski
AMA Capital Management, LLC
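
The sequence discussed in this thread, as an added example that is not toybox's code and is not from the original message: save the caller's IDs before unshare(2), treat a missing `setgroups` file as acceptable, and require `uid_map` and `gid_map`. The helper names are hypothetical. The block calls the raw syscall so it builds without feature-test macros, and it assumes a Linux kernel that permits unprivileged user namespaces.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000 /* value from the kernel's <linux/sched.h> */
#endif

/* Write data to path. With optional set, a missing file (ENOENT) is fine. */
int write_proc_file(const char *path, const char *data, int optional)
{
  int fd = open(path, O_WRONLY);
  ssize_t len = (ssize_t)strlen(data), n;
  if (fd < 0) return (optional && errno == ENOENT) ? 0 : -1;
  n = write(fd, data, len);
  close(fd);
  return n == len ? 0 : -1;
}

/* Build the one-line map "0 <outer_id> 1": ID 0 inside maps to outer_id. */
int format_root_map(char *buf, size_t size, unsigned outer_id)
{
  int n = snprintf(buf, size, "0 %u 1\n", outer_id);
  return (n > 0 && (size_t)n < size) ? n : -1;
}

int unshare_as_root(void)
{
  /* Save the IDs first: after unshare() they read back as the overflow IDs. */
  unsigned uid = geteuid(), gid = getegid();
  char map[32];
  if (syscall(SYS_unshare, CLONE_NEWUSER)) return -1;
  /* Kernels that have setgroups need "deny" before gid_map can be written. */
  if (write_proc_file("/proc/self/setgroups", "deny", 1)) return -1;
  if (format_root_map(map, sizeof(map), uid) < 0) return -1;
  if (write_proc_file("/proc/self/uid_map", map, 0)) return -1;
  if (format_root_map(map, sizeof(map), gid) < 0) return -1;
  return write_proc_file("/proc/self/gid_map", map, 0);
}

int main(void)
{
  if (unshare_as_root()) { perror("unshare_as_root"); return 1; }
  printf("uid=%u gid=%u\n", (unsigned)geteuid(), (unsigned)getegid());
  return 0;
}
```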
