commit 4286a49ad4df0c4d1fb5263ba6e90c7f7648f376
parent c5396f3a84e5fb7d998073b11f93317e735d76b4
Author: Jan Pobříslo <ccx@te2000.cz>
Date: Thu, 22 Feb 2024 08:42:53 +0100
Set up uid/gid mapping
Diffstat:
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/userns_sandbox.py b/userns_sandbox.py
@@ -200,14 +200,27 @@ def exec_command(argv):
raise SystemExit(127)
+def map_uid_gid(orig_uid, orig_gid):
+ with open('/proc/self/uid_map', 'wt') as f:
+ f.write(f'{orig_uid} {orig_uid} 1\n')
+
+ with open('/proc/self/gid_map', 'wt') as f:
+ f.write(f'{orig_gid} {orig_gid} 1\n')
+
+ os.setuid(orig_uid)
+ os.setgid(orig_gid)
+
+
def pidns_run(unshare_flags, continuation, *args, **kwargs):
(parent_rfd, parent_wfd) = os.pipe()
nonblock_cloexec(parent_rfd)
nonblock_cloexec(parent_wfd)
+ orig_uid = os.getuid()
+ orig_gid = os.getgid()
if libc.unshare(CLONE_NEWPID | unshare_flags) != 0:
raise c_error()
if unshare_flags & CLONE_NEWUSER:
- os.setuid(0)
+ map_uid_gid(orig_uid, orig_gid)
fork_pid = os.fork()
if fork_pid == 0:
# child
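Review bot: In `map_uid_gid`, the write to `/proc/self/gid_map` is not preceded by writing `deny` to `/proc/self/setgroups`, and nothing visible in this hunk does it elsewhere. On Linux 3.19 and later the kernel rejects a gid_map write from a process without CAP_SETGID in the parent namespace (EPERM) until setgroups is denied, so the sandbox would likely fail to start for an unprivileged caller. I would add `with open('/proc/self/setgroups', 'wt') as f: f.write('deny')` ahead of the gid_map block; this also stops the sandboxed process from shedding supplementary groups to get around group-based denials. Separately, call `os.setgid(orig_gid)` before `os.setuid(orig_uid)`, so the gid change never depends on privileges the uid change may have given up. In `pidns_run`, `os.geteuid()`/`os.getegid()` would be the safer source for the ids, since the kernel checks an unprivileged map against the writer's effective ids; `pidns_run` itself continues past the end of the hunk.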