diff options
| author | Alexander Larsson <alexl@redhat.com> | 2019-11-27 12:10:09 +0100 |
|---|---|---|
| committer | Alexander Larsson <alexl@redhat.com> | 2019-11-27 12:10:09 +0100 |
| commit | 7a8e3de7e0a263491737a203d82e2f63b51c08fe (patch) | |
| tree | 095a248edcdce3e096ab5b54164c7588e13e0906 | |
| parent | 86e16d7aaa2565f65dc548bfd9faf0b551606f2a (diff) | |
| download | bubblewrap-reuse-namespaces.tar.gz | |
--userns --uid: Only swtich user if neededreuse-namespaces
We don't want to switch user unless we have to because we might
not be in a trivial mapping, such as the outer userns in a devpts workaround
hack.
| -rw-r--r-- | bubblewrap.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/bubblewrap.c b/bubblewrap.c index f1feb5e..8d0c5f7 100644 --- a/bubblewrap.c +++ b/bubblewrap.c @@ -811,10 +811,10 @@ switch_to_user_with_privs (void) /* If we switched to a new user namespace it may allow other uids/gids, so switch to the target one */ if (opt_userns_fd != -1) { - if (setuid (opt_sandbox_uid) < 0) + if (opt_sandbox_uid != real_uid && setuid (opt_sandbox_uid) < 0) die_with_error ("unable to switch to uid %d", opt_sandbox_uid); - if (setgid (opt_sandbox_gid) < 0) + if (opt_sandbox_gid != real_gid && setgid (opt_sandbox_gid) < 0) die_with_error ("unable to switch to gid %d", opt_sandbox_gid); } |