diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2018-06-13 16:59:35 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2018-06-13 19:05:32 +0200 |
| commit | 24f5a4c7c69ea6c3f9c292030fad06d1015eb333 (patch) | |
| tree | 1fa60e7528d8fb52aa702759e8490f5f863a52d6 /src/machine/machined-dbus.c | |
| parent | networkd: Don't try to close fd in sd_radv_stop if fd is closed. (diff) | |
| download | systemd-24f5a4c7c69ea6c3f9c292030fad06d1015eb333.tar.xz systemd-24f5a4c7c69ea6c3f9c292030fad06d1015eb333.zip | |
machine: ignore containers which disable private user namespace in MapToMachine{User,Group}
Fixes #9286.
Diffstat (limited to '')
| -rw-r--r-- | src/machine/machined-dbus.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c index cb46718696..f45e592062 100644 --- a/src/machine/machined-dbus.c +++ b/src/machine/machined-dbus.c @@ -1010,6 +1010,10 @@ static int method_map_to_machine_user(sd_bus_message *message, void *userdata, s return -EIO; } + /* The private user namespace is disabled, ignoring. */ + if (uid_shift == 0) + continue; + if (uid < uid_shift || uid >= uid_shift + uid_range) continue; @@ -1128,6 +1132,10 @@ static int method_map_to_machine_group(sd_bus_message *message, void *groupdata, return -EIO; } + /* The private user namespace is disabled, ignoring. */ + if (gid_shift == 0) + continue; + if (gid < gid_shift || gid >= gid_shift + gid_range) continue; |