From 7a8e3de7e0a263491737a203d82e2f63b51c08fe Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Wed, 27 Nov 2019 12:10:09 +0100
Subject: --userns --uid: Only swtich user if needed

We don't want to switch user unless we have to because we might not be in a trivial mapping, such as the outer userns in a devpts workaround hack.
---
 bubblewrap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'bubblewrap.c')

diff --git a/bubblewrap.c b/bubblewrap.c
index f1feb5e..8d0c5f7 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -811,10 +811,10 @@ switch_to_user_with_privs (void)
 /* If we switched to a new user namespace it may allow other uids/gids, so switch to the target one */
 if (opt_userns_fd != -1)
 {
- if (setuid (opt_sandbox_uid) < 0)
+ if (opt_sandbox_uid != real_uid && setuid (opt_sandbox_uid) < 0)
 die_with_error ("unable to switch to uid %d", opt_sandbox_uid);
- if (setgid (opt_sandbox_gid) < 0)
+ if (opt_sandbox_gid != real_gid && setgid (opt_sandbox_gid) < 0)
 die_with_error ("unable to switch to gid %d", opt_sandbox_gid);
 }
--
cgit v1.2.1
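Review bot: With the new `opt_sandbox_uid != real_uid` and `opt_sandbox_gid != real_gid` guards, nothing in this block confirms that the process really runs with the requested ids when the calls are skipped, whereas the old code either forced the ids or died. The skip is a no-op only if `real_uid`/`real_gid`, which are set outside the hunk, are the ids the process holds at this point; the commit message implies this but the code does not say it. I would record the assumption next to the guards, e.g. `/* Only call setuid/setgid when the target differs from real_uid/real_gid; assumes those are the ids we currently hold */`. Separately, `setuid` still runs before `setgid`; if the uid change were to drop the capability `setgid` needs, the second call would die (fail closed), but group-before-user is the conventional order and may be worth adopting here. The body of `switch_to_user_with_privs` starts and ends outside the hunk, so the capability state at this point is not visible.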