jail: seteuid before clone(CLONE_NEWUSER)
author Daniel Golle <daniel@makrotopia.org>
Thu, 26 Nov 2020 01:44:50 +0000 (01:44 +0000)
committer Daniel Golle <daniel@makrotopia.org>
Fri, 27 Nov 2020 01:06:09 +0000 (01:06 +0000)
commit acf36f2777ae971a773761b68b447d9eedee05a6
tree 0390ffdd02c702d5e8dca1375cd67d210730e56a
parent 19ac9df87738a3e694ce68c716c5bc80174440f8
jail: seteuid before clone(CLONE_NEWUSER)

Resolve the userid in parent namespace mapped to the root user of the
new user namespace. Before clone(), seteuid() to that user in the parent
namespace.
Use SECBIT_NO_SETUID_FIXUP so the parent process can later on switch
back using seteuid(0).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
jail/jail.c
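
The sequence the commit message describes, as an added example that is not the code from jail/jail.c: resolve the parent-namespace uid that maps to root in the new namespace, set SECBIT_NO_SETUID_FIXUP, seteuid() to that uid, clone(CLONE_NEWUSER), then seteuid(0). The function names `resolve_outer_id` and `clone_newuser_as` are hypothetical, and the mapping is assumed to be supplied as text in the `/proc/<pid>/uid_map` format ("inside outside count" per line).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <linux/securebits.h>

#ifndef CLONE_NEWUSER /* fallback if <sched.h> did not expose the GNU API */
#define CLONE_NEWUSER 0x10000000
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);
#endif

/* Resolve the parent-namespace id that `inner` maps to, given uid_map-format
 * text ("inside outside count" per line). Returns 0, or -1 if unmapped. */
int resolve_outer_id(const char *map, unsigned inner, unsigned *outer)
{
    unsigned in, out, cnt;
    int used;
    while (sscanf(map, " %u %u %u%n", &in, &out, &cnt, &used) == 3) {
        if (inner >= in && inner - in < cnt) {
            *outer = out + (inner - in);
            return 0;
        }
        map += used;
    }
    return -1;
}

/* Create the child in a new user namespace while the effective uid is
 * `outer`, then return to euid 0. Needs root; returns child pid or -errno. */
int clone_newuser_as(uid_t outer, int (*fn)(void *), void *arg)
{
    static char stack[64 * 1024] __attribute__((aligned(16)));
    int pid, err, bits = prctl(PR_GET_SECUREBITS);

    /* With this bit set the kernel leaves the capability sets alone
     * when the effective uid moves between zero and nonzero. */
    if (bits < 0 || prctl(PR_SET_SECUREBITS,
                          (unsigned long)bits | SECBIT_NO_SETUID_FIXUP) < 0)
        return -errno;
    if (seteuid(outer) < 0)
        return -errno;
    pid = clone(fn, stack + sizeof(stack), CLONE_NEWUSER | SIGCHLD, arg);
    err = errno;
    if (seteuid(0) < 0)   /* switch back in the parent namespace */
        return -errno;
    return pid < 0 ? -err : pid;
}
```

`clone_newuser_as()` has to be called from a process that starts with euid 0 and CAP_SETPCAP; the securebit stays set on the caller after it returns.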