author | Alexander Larsson <alexl@redhat.com> | 2016-01-28 09:43:14 +0100 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2016-01-28 09:43:45 +0100 |
commit | 6349b3ffc1ebd974a8c6f064fa05ca1a044aec2d (patch) | |
tree | 91c4d9f80579619d36ddca50b5207f0e5868c467 /app | |
parent | b8a4455e5cada02bf134b59a0e54f35e29a47666 (diff) | |
download | xdg-app-6349b3ffc1ebd974a8c6f064fa05ca1a044aec2d.tar.gz |
helper: Make user namespace support vs setuid a runtime, not build-time option
We now check at runtime whether we have raised privs, and only if we do not
do we try to use unprivileged user namespaces. This means you can build xdg-app
however you like, and then setuid/setcap the binary however you want afterwards.
Diffstat (limited to 'app')
-rw-r--r-- | app/xdg-app-builtins-enter.c | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/app/xdg-app-builtins-enter.c b/app/xdg-app-builtins-enter.c index 30f7f9c..c751306 100644 --- a/app/xdg-app-builtins-enter.c +++ b/app/xdg-app-builtins-enter.c @@ -40,7 +40,6 @@ static GOptionEntry options[] = { { NULL } }; -#ifndef DISABLE_USERNS static gboolean write_to_file (int fd, const char *content, ssize_t len) { @@ -81,7 +80,6 @@ write_file (const char *path, const char *content) return res; } -#endif static uid_t uid; static gid_t gid; @@ -89,28 +87,33 @@ static gid_t gid; static void child_setup (gpointer user_data) { -#ifndef DISABLE_USERNS g_autofree char *uid_map = NULL; g_autofree char *gid_map = NULL; - - /* Work around user namespace devpts issue by creating a new - userspace and map our uid like the helper does */ + uid_t ns_uid; + gid_t ns_gid; - if (unshare (CLONE_NEWUSER)) + ns_uid = getuid (); + ns_gid = getgid (); + + if (ns_uid != uid || ns_gid != gid) { - g_warning ("Can't unshare user namespace: %s", strerror (errno)); - return; - } + /* Work around user namespace devpts issue by creating a new + userspace and map our uid like the helper does */ - uid_map = g_strdup_printf ("%d 0 1\n", uid); - if (!write_file ("/proc/self/uid_map", uid_map)) - g_warning ("setting up uid map"); + if (unshare (CLONE_NEWUSER)) + { + g_warning ("Can't unshare user namespace: %s", strerror (errno)); + return; + } - gid_map = g_strdup_printf ("%d 0 1\n", gid); - if (!write_file ("/proc/self/gid_map", gid_map)) - g_warning ("setting up gid map"); + uid_map = g_strdup_printf ("%d %d 1\n", uid, ns_uid); + if (!write_file ("/proc/self/uid_map", uid_map)) + g_warning ("setting up uid map"); -#endif + gid_map = g_strdup_printf ("%d %d 1\n", gid, ns_gid); + if (!write_file ("/proc/self/gid_map", gid_map)) + g_warning ("setting up gid map"); + } } gboolean |
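Review bot: Every failure path inside the new `if (ns_uid != uid || ns_gid != gid)` block of child_setup only calls g_warning and carries on, so the command is still exec'd when unshare() fails, or when the namespace exists but /proc/self/uid_map or /proc/self/gid_map could not be written and the child is left without the intended uid/gid mapping. child_setup returns void, so failing closed means ending the child there, for example `{ g_warning ("setting up uid map"); _exit (1); }` on each of the three paths. The map strings are built with `%d` although uid_t and gid_t are unsigned on Linux; `"%u %u 1\n"` with `(unsigned) uid, (unsigned) ns_uid` keeps large ids from being written as negative numbers. Nothing in the function, whose whole body is inside this hunk, writes "deny" to /proc/self/setgroups before gid_map, which kernels since 3.19 require of an unprivileged writer, so the gid mapping is worth testing on a binary without setuid/setcap.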