mrrl

Minimal Reliable Reproducible Linux
git clone https://ccx.te2000.cz/git/mrrl

commit 4286a49ad4df0c4d1fb5263ba6e90c7f7648f376
parent c5396f3a84e5fb7d998073b11f93317e735d76b4
Author: Jan Pobříslo <ccx@te2000.cz>
Date:   Thu, 22 Feb 2024 08:42:53 +0100

Set up uid/gid mapping

Diffstat:
Muserns_sandbox.py | 15++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/userns_sandbox.py b/userns_sandbox.py
@@ -200,14 +200,27 @@ def exec_command(argv):
 raise SystemExit(127)
+def map_uid_gid(orig_uid, orig_gid):
+ with open('/proc/self/uid_map', 'wt') as f:
+ f.write(f'{orig_uid} {orig_uid} 1\n')
+
+ with open('/proc/self/gid_map', 'wt') as f:
+ f.write(f'{orig_gid} {orig_gid} 1\n')
+
+ os.setuid(orig_uid)
+ os.setgid(orig_gid)
+
+
 def pidns_run(unshare_flags, continuation, *args, **kwargs):
 (parent_rfd, parent_wfd) = os.pipe()
 nonblock_cloexec(parent_rfd)
 nonblock_cloexec(parent_wfd)
+ orig_uid = os.getuid()
+ orig_gid = os.getgid()
 if libc.unshare(CLONE_NEWPID | unshare_flags) != 0:
 raise c_error()
 if unshare_flags & CLONE_NEWUSER:
- os.setuid(0)
+ map_uid_gid(orig_uid, orig_gid)
 fork_pid = os.fork()
 if fork_pid == 0:
 # child
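Review bot: In `map_uid_gid`, the write to `/proc/self/gid_map` is not preceded by writing `deny` to `/proc/self/setgroups`, and nothing between the `unshare` call and `map_uid_gid(orig_uid, orig_gid)` in `pidns_run` does it either. On Linux 3.19 and later the kernel rejects that gid_map write with EPERM when the process had no CAP_SETGID in the parent namespace, which is presumably the normal case for an unprivileged sandbox. I would add `with open('/proc/self/setgroups', 'wt') as f:` followed by `f.write('deny')` ahead of the gid_map block. Separately, call `os.setgid(orig_gid)` before `os.setuid(orig_uid)`: the current order looks harmless while the process holds full capabilities in the new namespace, but gid-then-uid is the order that keeps working if this helper is ever reused to drop privilege. `pidns_run` continues past the end of the hunk, so the child-side handling is not visible here.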