On Sun, Apr 12, 2015 at 2:11 PM, Rob Landley <[email protected]> wrote:
> On Sun, Apr 12, 2015 at 1:52 PM, Samuel Holland <[email protected]> wrote:
>> Calling unshare(2) immediately puts us in the new namespace
>> with the "overflow" user and group ID. By calling geteuid()
>> and getegid() in handle_r() after calling unshare(), we try
>> to map that to root, which Linux refuses to let us do.
>>
>> What we really want to map to root is the caller's uid/gid
>> in the original namespace. So we have to save them before
>> calling unshare().
>
> Applied, but I'm curious why open("setgroups") is ignoring errors (but
> doing xwrite() if the open succeeds) but write_ugid_map() is xopen().
> Do some kernels not have setgroups and that's ok, but everything needs
> uid_map and gid_map or this command can't perform its functions?

Exactly. There are lots of kernels without setgroups, and the correct
behavior on those kernels is to ignore the missing setgroups file.

>
> (It seems like this code could be collated and possibly moved to
> lib... if the users agreed on error handling semantics. Which is a
> more general problem: )
>
> Rob
>
> P.S: I hate git because of crap like:
> $ git log lib --stat
> fatal: bad flag '--stat' used after filename
> $ git log --stat lib
> [ works fine ]
>
> There is simply no excuse for that.
> _______________________________________________
> Toybox mailing list
> [email protected]
> http://lists.landley.net/listinfo.cgi/toybox-landley.net

--
Andy Lutomirski
AMA Capital Management, LLC
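The ordering and error handling discussed in this thread, as an added C example that is not toybox's code: the IDs are saved before unshare(), a missing setgroups file is tolerated, and uid_map/gid_map failures are fatal. The function names write_proc(), format_root_map() and become_ns_root() are hypothetical, and tolerating only ENOENT (rather than every open() error) is this example's own choice.

```c
#define _GNU_SOURCE     /* for unshare() and CLONE_NEWUSER */
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifndef CLONE_NEWUSER   /* fallbacks if <sched.h> was pulled in before _GNU_SOURCE */
#define CLONE_NEWUSER 0x10000000
int unshare(int flags);
#endif

/* Returns 0 on success; with optional set, a missing file (ENOENT) is also success. */
int write_proc(const char *path, const char *data, int optional)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return (optional && errno == ENOENT) ? 0 : -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Build a one-entry map line: ID 0 inside the namespace is `outer` outside it. */
int format_root_map(char *buf, size_t size, unsigned long outer)
{
    int n = snprintf(buf, size, "0 %lu 1\n", outer);
    return (n > 0 && (size_t)n < size) ? 0 : -1;
}

/* Enter a new user namespace with the caller mapped to root; 0 on success. */
int become_ns_root(void)
{
    char map[32];
    uid_t uid = geteuid();  /* saved BEFORE unshare(): afterwards these calls */
    gid_t gid = getegid();  /* return the unmapped "overflow" IDs             */
    if (unshare(CLONE_NEWUSER)) return -1;
    if (write_proc("/proc/self/setgroups", "deny", 1)) return -1; /* optional file */
    if (format_root_map(map, sizeof map, (unsigned long)uid)) return -1;
    if (write_proc("/proc/self/uid_map", map, 0)) return -1;      /* mandatory */
    if (format_root_map(map, sizeof map, (unsigned long)gid)) return -1;
    return write_proc("/proc/self/gid_map", map, 0);              /* mandatory */
}

int main(void)
{
    if (become_ns_root()) { perror("become_ns_root"); return 1; }
    printf("euid in new namespace: %u\n", (unsigned)geteuid());
    return 0;
}
```

On kernels that do provide setgroups, "deny" has to be written before an unprivileged process may write gid_map, which is why that write comes first.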
