aboutgitcodebugslistschat
path: root/conf.c
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2023-05-21 15:03:31 +0200
committerStefano Brivio <sbrivio@redhat.com>2023-05-23 16:13:28 +0200
commit770d1a4502dd214c75b1418b49c0f51fdbb2ad8e (patch)
tree15940dba5c5556877e54375c32a2115503a65bac /conf.c
parentb0e450aa8500648cc89ca4f68b6a6155267ccd9d (diff)
downloadpasst-770d1a4502dd214c75b1418b49c0f51fdbb2ad8e.tar
passt-770d1a4502dd214c75b1418b49c0f51fdbb2ad8e.tar.gz
passt-770d1a4502dd214c75b1418b49c0f51fdbb2ad8e.tar.bz2
passt-770d1a4502dd214c75b1418b49c0f51fdbb2ad8e.tar.lz
passt-770d1a4502dd214c75b1418b49c0f51fdbb2ad8e.tar.xz
passt-770d1a4502dd214c75b1418b49c0f51fdbb2ad8e.tar.zst
passt-770d1a4502dd214c75b1418b49c0f51fdbb2ad8e.zip
isolation: Initially Keep CAP_SETFCAP if running as UID 0 in non-init
If pasta spawns a child process while running as UID 0, which is only allowed from a non-init namespace, we need to keep CAP_SETFCAP before pasta_start_ns() is called: otherwise, starting from Linux 5.12, we won't be able to update /proc/self/uid_map with the intended mapping (from 0 to 0). See user_namespaces(7). Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'conf.c')
0 files changed, 0 insertions, 0 deletions