Re: [PATCH 4/5] unshare: Add option to automatically create user and group maps


 



On 11/23/21 9:40 AM, Karel Zak wrote:
On Tue, Nov 16, 2021 at 09:10:37PM -0500, Sean Anderson wrote:
This option is designed to handle the "garden path" user/group ID
mapping:

- The user has one big map in /etc/sub[u,g]id
- The user wants to map as many user and group IDs as they can,
   especially the first 1000 users and groups.

The "auto" map is designed to handle this. We find the first map
matching the current user, and then map the whole thing to the ID range
starting at ID 0.

...

   * map_ids() - Create a new uid/gid map
   * @idmapper: Either newuidmap or newgidmap
@@ -571,6 +637,7 @@ static void __attribute__((__noreturn__)) usage(void)
  	fputs(_(" --map-group=<gid>|<name>  map current group to gid (implies --user)\n"), out);
  	fputs(_(" -r, --map-root-user       map current user to root (implies --user)\n"), out);
  	fputs(_(" -c, --map-current-user    map current user to itself (implies --user)\n"), out);
+	fputs(_(" --map-auto                map users and groups automatically (implies --user)\n"), out);
  	fputs(_(" --map-users=<outeruid>,<inneruid>,<count>\n"
  		"                           map count users from outeruid to inneruid (implies --user)\n"), out);
  	fputs(_(" --map-groups=<outergid>,<innergid>,<count>\n"
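
Review bot: The new `--map-auto` line in usage() says only "map users and groups automatically", which does not tell the user where the ranges come from or where they land. The commit message is more precise: the first entry matching the current user in /etc/subuid and /etc/subgid is mapped as a whole, starting at ID 0. Since this option decides which host IDs become reachable inside the namespace, it would help to say so here, for example "map users and groups from /etc/sub[u,g]id starting at ID 0 (implies --user)", and to document the same in the man page.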


What about supporting "auto" as a placeholder too:

   --map-users=auto
   --map-groups=auto

in this case you can select what you want to map (UID/GID)
automatically.

That sounds good.

+		case OPT_MAPAUTO:
+			unshare_flags |= CLONE_NEWUSER;
+			usermap = read_subid_range("/etc/subuid", real_euid);
+			groupmap = read_subid_range("/etc/subgid", real_egid);
+			break;
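
Review bot: In the `/etc/subgid` lookup, `real_egid` is passed as the ID to match, but entries in /etc/subgid are keyed by the owning user (login name or UID, per subgid(5)), not by a group ID, and the commit message itself says the map is the first one "matching the current user". If read_subid_range() compares its second argument against the first field of each line, this finds either nothing or a range delegated to a different user whose UID happens to equal the caller's GID; passing `real_euid` for both files would match the stated intent. Separately, nothing visible in this case handles a user with no entry in either file, so it is worth confirming that read_subid_range() fails with a clear error rather than returning an empty map.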

Please, add _PATH_SUBUID and _PATH_SUBGID to include/pathnames.h. We
usually do not use paths in the code.

OK. I did not know about that. Will add.

--Sean



