author: Lennart Poettering <lennart@poettering.net> 2022-02-15 18:22:37 +0100
committer: Lennart Poettering <lennart@poettering.net> 2022-02-16 13:37:01 +0100
commit: 1af53c0fa8a945616e371cb9cc75ea882874a09c
tree: f22f1acbe2d86e59ac7d14f23b616eff047c73ce /src/home/homework-mount.c
parent: TODO
homed: when using id mapping on the home dirs, also do an identity mapping for the container UID ranges

Apparently people really want to put high UIDs in their homedirs. Let's add some minimal support for that.

Further discussion: https://github.com/systemd/systemd/pull/22239#issuecomment-1040421552

Inspired by, based on, and replacing #22239 by Christian Brauner.

Diffstat (limited to 'src/home/homework-mount.c')
-rw-r--r-- src/home/homework-mount.c 7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/home/homework-mount.c b/src/home/homework-mount.c
index 0b028dad37..35645e292e 100644
--- a/src/home/homework-mount.c
+++ b/src/home/homework-mount.c
@@ -209,6 +209,13 @@ static int make_userns(uid_t stored_uid, uid_t exposed_uid) {
if (r < 0)
return log_oom();
+ /* Also map the container range. People can use that to place containers owned by high UIDs in their
+ * home directories if they really want. We won't manage this UID range for them but pass it through
+ * 1:1, and it will lose its meaning once migrated between hosts. */
+ r = append_identity_range(&text, CONTAINER_UID_BASE_MIN, CONTAINER_UID_BASE_MAX+1, stored_uid);
+ if (r < 0)
+ return log_oom();
+
/* Leave everything else unmapped, starting from UID_NOBODY itself. Specifically, this means the
* whole space outside of 16bit remains unmapped */
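
Review bot: The upper bound `CONTAINER_UID_BASE_MAX+1` in the new `append_identity_range()` call deserves a second look: if `CONTAINER_UID_BASE_MAX` is the highest UID at which a container range may start rather than the highest UID a container can use (the `_BASE_` in the name suggests the former), the identity mapping stops one UID into the topmost container's range and the remainder of that range stays unmapped. If that is intended, say so in the comment; otherwise extend the bound by the per-container range size. The call also excludes only `stored_uid`, while `make_userns()` takes an `exposed_uid` as well; an assert or a one-line comment stating that `exposed_uid` can never fall inside the container range would make it explicit that this identity range cannot overlap the `exposed_uid` mapping. Lastly, `return log_oom()` on any `r < 0` matches the context lines above, but it is only accurate while allocation failure is the sole way `append_identity_range()` can fail.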