authorStefano Brivio <sbrivio@redhat.com>2021-10-14 18:01:00 +0200
committerStefano Brivio <sbrivio@redhat.com>2021-10-14 18:01:00 +0200
commit388435542eeba594557d604630e3cf26d3737e9d (patch)
tree4bc3d7b07916d4358fbe70f985275f7c833c8bd4
parent54a65e36931c83c234cafc5a338aad66736422c4 (diff)
passt: Don't refuse to run if UID is 0 in non-init namespace
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r--passt.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/passt.c b/passt.c
index 2217dd7..c0d86a5 100644
--- a/passt.c
+++ b/passt.c
@@ -189,15 +189,28 @@ static void seccomp(struct ctx *c)
}
/**
- * check_root() - Warn if we're running as root, exit if we can't drop to nobody
+ * check_root() - Warn if root in init, exit if we can't drop to nobody
*/
static void check_root(void)
{
struct passwd *pw;
+ char buf[BUFSIZ];
+ int fd;
if (getuid() && geteuid())
return;
+ if ((fd = open("/proc/self/uid_map", O_RDONLY)) < 0)
+ return;
+
+ if (read(fd, buf, BUFSIZ) > 0 &&
+ strcmp(buf, " 0 0 4294967295")) {
+ close(fd);
+ return;
+ }
+
+ close(fd);
+
fprintf(stderr, "Don't run this as root. Changing to nobody...\n");
pw = getpwnam("nobody");
if (!pw) {
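Review bot: `strcmp()` in check_root() is applied to `buf` straight after `read()`, which does not NUL-terminate, so the comparison runs into uninitialised stack bytes and is undefined; and since the kernel ends each uid_map line with a newline, an exact match against the literal would fail even with a terminator. Either way the function returns early, so a real root in the init namespace can skip the warning and the switch to nobody. Keep the byte count and compare only the prefix, e.g. `ssize_t n = read(fd, buf, sizeof(buf) - 1);`, `buf[n > 0 ? n : 0] = '\0';` and `strncmp(buf, map, strlen(map))` with `map` holding the init-namespace line. The `open()` failure path likewise returns with UID 0 kept; falling through to the drop there would fail closed. check_root() continues past the end of this hunk.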