Diffstat (limited to 'isolation.c')
-rw-r--r--isolation.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/isolation.c b/isolation.c
index a3ea842..af0d33a 100644
--- a/isolation.c
+++ b/isolation.c
@@ -130,7 +130,8 @@ void isolate_initial(void)
*/
void isolate_user(uid_t uid, gid_t gid, bool use_userns, const char *userns)
{
- char nsmap[BUFSIZ];
+ char uidmap[BUFSIZ];
+ char gidmap[BUFSIZ];
/* First set our UID & GID in the original namespace */
if (setgroups(0, NULL)) {
@@ -185,14 +186,14 @@ void isolate_user(uid_t uid, gid_t gid, bool use_userns, const char *userns)
}
/* Configure user and group mappings */
- snprintf(nsmap, BUFSIZ, "0 %u 1", uid);
- FWRITE("/proc/self/uid_map", nsmap, "Cannot set uid_map in namespace");
+ snprintf(uidmap, BUFSIZ, "0 %u 1", uid);
+ snprintf(gidmap, BUFSIZ, "0 %u 1", gid);
- FWRITE("/proc/self/setgroups", "deny",
- "Cannot write to setgroups in namespace");
-
- snprintf(nsmap, BUFSIZ, "0 %u 1", gid);
- FWRITE("/proc/self/gid_map", nsmap, "Cannot set gid_map in namespace");
+ if (write_file("/proc/self/uid_map", uidmap) ||
+ write_file("/proc/self/setgroups", "deny") ||
+ write_file("/proc/self/gid_map", gidmap)) {
+ warn("Couldn't configure user namespace");
+ }
}
/**
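Review bot: The combined check at lines 35–39 downgrades a failed uid_map, setgroups or gid_map write from what the replaced FWRITE calls' "Cannot set …" messages suggest was a fatal error to a warn() after which isolate_user() carries on, so the process keeps running in a user namespace whose mappings are not the ones intended. Because `||` short-circuits, a failed uid_map write also silently skips the setgroups and gid_map writes, and the single message does not say which file failed (and if write_file() does cleanup after the failing syscall, the errno that warn() appends may already be clobbered). If a hard failure is still intended, `err(EXIT_FAILURE, "Couldn't configure user namespace");` keeps the old behaviour, assuming err.h is already included for warn(); otherwise check the three writes separately and name the file, e.g. `if (write_file("/proc/self/uid_map", uidmap)) warn("Cannot set uid_map in namespace");`. A short comment that "deny" must reach setgroups before gid_map is written would also make the ordering, which the new code does preserve, deliberate rather than incidental. The part of isolate_user() between the two hunks is outside the diff.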