emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Merge pull request #132 from giuseppe/no-cap-sys-admin

Browse Source 
newuidmap/newgidmap: do not require CAP_SYS_ADMIN in the parent user namespace
This commit is contained in:
Serge Hallyn
2018-10-27 11:22:37 -05:00
committed by GitHub
parent ff8b1ebafa 1ecca8439d
commit d5255da20b
6 changed files with 50 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Makefile.am
View File

@@ -86,8 +86,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
endif
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
newuidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP)
newgidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP)
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)

2
src/newgidmap.c
View File

@@ -250,7 +250,7 @@ int main(int argc, char **argv)
verify_ranges(pw, ranges, mappings, &allow_setgroups);
write_setgroups(proc_dir_fd, allow_setgroups);
write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
write_mapping(proc_dir_fd, ranges, mappings, "gid_map", pw->pw_uid);
sub_gid_close();
return EXIT_SUCCESS;

2
src/newuidmap.c
View File

@@ -179,7 +179,7 @@ int main(int argc, char **argv)
verify_ranges(pw, ranges, mappings);
write_mapping(proc_dir_fd, ranges, mappings, "uid_map");
write_mapping(proc_dir_fd, ranges, mappings, "uid_map", pw->pw_uid);
sub_uid_close();
return EXIT_SUCCESS;