new[ug]idmap: not require CAP_SYS_ADMIN in the parent userNS

if the euid!=owner of the userns, the kernel returns EPERM when trying to write the uidmap and there is no CAP_SYS_ADMIN in the parent namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-10-08 18:18:18 +02:00
parent 6bf2d74dfc
commit 1ecca8439d
6 changed files with 50 additions and 7 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -34,7 +34,7 @@ AC_HEADER_STDBOOL

 AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
 	utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
-	utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
+	utime.h ulimit.h sys/capability.h sys/resource.h gshadow.h lastlog.h \
 	locale.h rpc/key_prot.h netdb.h acl/libacl.h attr/libattr.h \
 	attr/error_context.h)