machine: ignore containers which disable private user namespace in MapToMachine{User,Group}

Fixes #9286.
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2018-06-13 23:59:35 +0900
committer: Lennart Poettering <lennart@poettering.net> 2018-06-13 19:05:32 +0200
commit: 24f5a4c7c69ea6c3f9c292030fad06d1015eb333 (patch)
tree: 1fa60e7528d8fb52aa702759e8490f5f863a52d6 /src
parent: 6f8a8b84f28be7a6133bbde1479dee9abad6cee8 (diff)
download: systemd-24f5a4c7c69ea6c3f9c292030fad06d1015eb333.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index cb46718696..f45e592062 100644
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -1010,6 +1010,10 @@ static int method_map_to_machine_user(sd_bus_message *message, void *userdata, s
                                 return -EIO;
                         }
 
+                        /* The private user namespace is disabled, ignoring. */
+                        if (uid_shift == 0)
+                                continue;
+
                         if (uid < uid_shift || uid >= uid_shift + uid_range)
                                 continue;
 
@@ -1128,6 +1132,10 @@ static int method_map_to_machine_group(sd_bus_message *message, void *groupdata,
                                 return -EIO;
                         }
 
+                        /* The private user namespace is disabled, ignoring. */
+                        if (gid_shift == 0)
+                                continue;
+
                         if (gid < gid_shift || gid >= gid_shift + gid_range)
                                 continue;
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2018-06-13 23:59:35 +0900
committer	Lennart Poettering <lennart@poettering.net>	2018-06-13 19:05:32 +0200
commit	24f5a4c7c69ea6c3f9c292030fad06d1015eb333 (patch)
tree	1fa60e7528d8fb52aa702759e8490f5f863a52d6 /src
parent	6f8a8b84f28be7a6133bbde1479dee9abad6cee8 (diff)
download	systemd-24f5a4c7c69ea6c3f9c292030fad06d1015eb333.tar.gz