From 388435542eeba594557d604630e3cf26d3737e9d Mon Sep 17 00:00:00 2001
From: Stefano Brivio
Date: Thu, 14 Oct 2021 18:01:00 +0200
Subject: passt: Don't refuse to run if UID is 0 in non-init namespace

Signed-off-by: Stefano Brivio
---
 passt.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'passt.c')

diff --git a/passt.c b/passt.c
index 2217dd7..c0d86a5 100644
--- a/passt.c
+++ b/passt.c
@@ -189,15 +189,28 @@ static void seccomp(struct ctx *c)
 }
 
 /**
- * check_root() - Warn if we're running as root, exit if we can't drop to nobody
+ * check_root() - Warn if root in init, exit if we can't drop to nobody
 */
 static void check_root(void)
 {
 struct passwd *pw;
+ char buf[BUFSIZ];
+ int fd;
 
 if (getuid() && geteuid())
 return;
 
+ if ((fd = open("/proc/self/uid_map", O_RDONLY)) < 0)
+ return;
+
+ if (read(fd, buf, BUFSIZ) > 0 &&
+ strcmp(buf, " 0 0 4294967295")) {
+ close(fd);
+ return;
+ }
+
+ close(fd);
+
 fprintf(stderr, "Don't run this as root. Changing to nobody...\n");
 pw = getpwnam("nobody");
 if (!pw) {
-- cgit v1.2.3
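Review bot: The added `strcmp(buf, ...)` in check_root() compares a buffer that `read()` never NUL-terminates, so it reads on into uninitialised stack bytes, and it needs an exact whole-string match even though the kernel ends each /proc/self/uid_map line with a newline that the literal does not carry. A non-zero result takes the early `return`, so real root in the init namespace would most likely skip both the warning and the switch to nobody, which makes the check fail open. Keep the byte count and bound the comparison: `n = read(fd, buf, sizeof(buf) - 1);`, `buf[n > 0 ? n : 0] = '\0';`, then `if (n > 0 && strncmp(buf, map, sizeof(map) - 1))`, where `map` is a named constant holding the identity mapping. The `open()` failure branch also returns without dropping privileges, which deserves a comment saying why that is acceptable, or a fall-through to the drop. check_root()'s body continues past the end of this hunk.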