Serge Hallyn <serge.hal...@ubuntu.com> writes:

> Quoting Eric W. Biederman (ebied...@xmission.com):
> ...
>> For what it's worth. If you are going to do a combined binary, and you
>> are just going to worry about yourself. You don't have to fork to
>> write /proc/self/uid_map with 0 $old_uid 1.
>
> Well, shoot! I figured since we'd already unshared, our uid was 65534 /
> -1, and there was no sensible value to insert. Just tried with the orig
> uid and it works. Neato.

Yes. My shell example has to jump through hoops because exec drops the
caps, and because as an example it implements the general case.

>> I had originally hoped to do an upcall to validate other writes to
>> /proc/self/uid_map but code was never solid and I went with what works
>> now.
>
> Right, I remember that. This isn't so bad in the end

No.

Eric
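
The no-fork self-mapping discussed in this message, as an added C example that is not code from the thread or from LXC: it saves the uid before unsharing, then writes `0 $old_uid 1` to its own /proc/self/uid_map. The function names are hypothetical, and only the uid map is written, as in the message.

```c
#define _GNU_SOURCE             /* for syscall() */
#include <fcntl.h>
#include <linux/sched.h>        /* CLONE_NEWUSER */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Build the one-entry map line "<inside> <outside> 1" (hypothetical helper). */
static int format_self_map(char *buf, size_t len, unsigned inside, unsigned outside)
{
    int n = snprintf(buf, len, "%u %u 1\n", inside, outside);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* uid_map accepts a single write, so the whole line goes in one write(). */
static int write_once(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    ssize_t want = (ssize_t)strlen(data);
    ssize_t got = write(fd, data, (size_t)want);
    close(fd);
    return got == want ? 0 : -1;
}

/* Enter a new user namespace and map the caller's own uid to 0, no fork. */
static int map_self_as_root(void)
{
    char line[32];
    /* Read the uid BEFORE unshare: afterwards getuid() reports the
     * overflow uid (65534) until a mapping is written. */
    unsigned old_uid = (unsigned)getuid();

    if (syscall(SYS_unshare, CLONE_NEWUSER) < 0)   /* unshare(2) */
        return -1;
    if (format_self_map(line, sizeof line, 0, old_uid) < 0 ||
        write_once("/proc/self/uid_map", line) < 0)
        return -1;
    return getuid() == 0 ? 0 : -1;
}

int main(void)
{
    if (map_self_as_root() < 0) { perror("map_self_as_root"); return 1; }
    printf("uid inside the new namespace: %u\n", (unsigned)getuid());
    return 0;
}
```

Where the kernel or a sandbox policy refuses unprivileged user namespaces, the unshare call fails and `map_self_as_root()` returns -1 without touching the map.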