Is it considered safe to setuid on a root-owned binary that launches
systemd-nspawn with the argument "--private-users=1000:1"?

i.e.

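/* user-nspawn.c */
#include <stdio.h>
#include <unistd.h>
int main(void) {
   const char * binary = "/usr/bin/systemd-nspawn";
   /* Replace this process with systemd-nspawn, always with the same fixed argument */
   execl(binary, binary, "--private-users=1000:1", (char *)NULL);
   perror("execl");   /* only reached if execl() failed */
   return 1;
}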

gcc -o user-nspawn user-nspawn.c
su
chown root:root user-nspawn
chmod +s user-nspawn
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
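
The wrapper above uses execl(), which passes the invoking user's environment on to systemd-nspawn. A variant that forwards neither caller arguments nor the caller's environment, as an added example that is not part of the original post; the TERM/LANG allowlist, the fixed PATH value, MAX_ENV and the filter_env() helper are assumptions chosen for illustration:

```c
/* hardened-user-nspawn.c: added example, not code from the original post */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define NSPAWN "/usr/bin/systemd-nspawn"
#define MAX_ENV 8

/* Assumed policy: only these variables are taken from the caller. */
static const char *const allowed[] = { "TERM", "LANG", NULL };

/* Copy allowlisted NAME=value entries from in[] to out[], then append a
 * fixed PATH. Returns the number of entries written (NULL not counted). */
int filter_env(char *const in[], char *out[], int cap)
{
    int n = 0;
    for (int i = 0; in && in[i]; i++) {
        const char *eq = strchr(in[i], '=');
        if (!eq) continue;                    /* malformed entry: drop it */
        size_t len = (size_t)(eq - in[i]);    /* length of the name part */
        for (int a = 0; allowed[a]; a++) {
            if (strlen(allowed[a]) == len
                && strncmp(in[i], allowed[a], len) == 0 && n < cap - 2) {
                out[n++] = in[i];
                break;
            }
        }
    }
    out[n++] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";  /* never the caller's PATH */
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[])
{
    extern char **environ;
    char *env[MAX_ENV];
    (void)argv;
    if (argc > 1) {                           /* never forward caller arguments */
        fprintf(stderr, "user-nspawn: arguments are not accepted\n");
        return 2;
    }
    filter_env(environ, env, MAX_ENV);
    execle(NSPAWN, NSPAWN, "--private-users=1000:1", (char *)NULL, env);
    perror("execle");                         /* only reached if exec failed */
    return 127;
}
```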
