new[ug]idmap: not require CAP_SYS_ADMIN in the parent userNS

if the euid!=owner of the userns, the kernel returns EPERM when trying to write the uidmap and there is no CAP_SYS_ADMIN in the parent namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-10-08 18:18:18 +02:00
parent 6bf2d74dfc
commit 1ecca8439d
6 changed files with 50 additions and 7 deletions
--- a/libmisc/idmapping.h
+++ b/libmisc/idmapping.h
@ -38,7 +38,7 @@ struct map_range {

 extern struct map_range *get_map_ranges(int ranges, int argc, char **argv);
 extern void write_mapping(int proc_dir_fd, int ranges,
-	struct map_range *mappings, const char *map_file);
+	struct map_range *mappings, const char *map_file, uid_t uid);

 #endif /* _ID_MAPPING_H_ */