author | valoq <valoq@mailbox.org> | 2017-01-20 04:32:40 +0100 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-01-20 17:25:24 +0000 |
commit | c3a8858ec77938193cb4edce33d16aabfe2b80ec (patch) | |
tree | 1f1bbb379b67ab011c28b78e7350ca4780d4624a | |
parent | 3032e8c134dfe1e85180e0e1d67137b389fa696a (diff) | |
download | bubblewrap-c3a8858ec77938193cb4edce33d16aabfe2b80ec.tar.gz |
Add --require-userns build option for setuid mode
Some distributions may want to enforce this in the privileged case;
it enforces stronger isolation rather than allowing users to
cherry-pick namespaces.
Closes: #141
Closes: #159
Approved by: valoq
-rw-r--r-- | bubblewrap.c | 6 | ||||
-rw-r--r-- | configure.ac | 11 |
2 files changed, 17 insertions, 0 deletions
diff --git a/bubblewrap.c b/bubblewrap.c index ca7db43..409d94c 100644 --- a/bubblewrap.c +++ b/bubblewrap.c @@ -1718,6 +1718,12 @@ main (int argc, if (!is_privileged && getuid () != 0) opt_unshare_user = TRUE; +#ifdef ENABLE_REQUIRE_USERNS + /* In this build option, we require userns. */ + if (is_privileged && getuid () != 0) + opt_unshare_user = TRUE; +#endif + if (opt_unshare_user_try && stat ("/proc/self/ns/user", &sbuf) == 0) { diff --git a/configure.ac b/configure.ac index 9c1ab1d..5b511ae 100644 --- a/configure.ac +++ b/configure.ac @@ -100,6 +100,16 @@ AC_ARG_ENABLE(sudo, [SUDO_BIN="sudo"], [SUDO_BIN=""]) AC_SUBST([SUDO_BIN]) +AC_ARG_ENABLE(require-userns, + AS_HELP_STRING([--enable-require-userns=yes/no (default no)], + [Require user namespaces by default when installed suid]), + [], + [enable_require_userns="no"]) + +AS_IF([ test "x$enable_require_userns" = "xyes" ], [ + AC_DEFINE(ENABLE_REQUIRE_USERNS, 1, [Define if userns should be used by default in suid mode]) + ]) + AC_CONFIG_FILES([ Makefile ]) @@ -112,5 +122,6 @@ echo " man pages (xsltproc): $enable_man SELinux: $have_selinux setuid mode on make install: $with_priv_mode + require default userns: $enable_require_userns mysteriously satisfying to pop: yes" echo "" |
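Review bot: The new `#ifdef ENABLE_REQUIRE_USERNS` block forces `opt_unshare_user` only when `getuid () != 0`, so a caller whose real uid is 0 can still pick namespaces individually, and the one-line comment does not say whether that exemption is intended. If it is, I would spell it out, for example `/* Setuid build with --enable-require-userns: every non-root caller gets a user namespace; real uid 0 is exempt. */`. The hardening also depends on the sandbox failing closed, so it is worth confirming that the code after this point exits rather than continuing without a user namespace when the kernel cannot create one. main's body continues outside the hunk, so that path is not visible here.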
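Review bot: The action-if-given argument of `AC_ARG_ENABLE(require-userns, ...)` is empty and the `AS_IF` matches only the literal `yes`, so a value such as `--enable-require-userns=true` configures cleanly and silently builds without the hardening, while the summary line still echoes the value back. For an option whose purpose is to enforce isolation, I would reject unknown values by replacing the `[]` with `[AS_CASE([$enableval], [yes|no], [], [AC_MSG_ERROR([--enable-require-userns takes yes or no])])]`. The help string, the `AC_DEFINE` description and the summary line added in the last configure.ac hunk all say "by default", whereas the C change makes the user namespace mandatory for non-root callers in setuid mode; wording such as `Require user namespaces when installed setuid` would match the behaviour.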