authorToni Uhlig <matzeton@googlemail.com>2018-05-16 14:11:54 +0200
committerToni Uhlig <matzeton@googlemail.com>2018-05-16 14:11:54 +0200
commite97d33d7b6a80daf4508dba7c69e96f7977ce436 (patch)
treebd844bcaa5860dc557ae28ea9408fce359b67bc7 /src/jail.c
parentffdf43212d29d38e51e067c04891c600f5318c01 (diff)
POTD skeleton #57.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/jail.c')
-rw-r--r--src/jail.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/src/jail.c b/src/jail.c
index b083c5a..ff45bad 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -233,7 +233,7 @@ static int jail_childfn(prisoner_process *ctx)
int s, master_fd;
int unshare_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|
CLONE_NEWNS|CLONE_NEWNET/*|CLONE_NEWUSER*/;
- unsigned int ug_map[3] = { 0, 10000, 65535 };
+ //unsigned int ug_map[3] = { 0, 10000, 65535 };
pid_t self_pid, child_pid;
assert(ctx);
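Review bot: The `ug_map` initializer is kept as a `//` comment here, and the last hunk adds a `/* ... */` block of `update_setgroups_self()` / `update_guid_map()` calls that depend on it, so the disabled code is split across two places that must be re-enabled together. Nothing records why it is off, although the `/*|CLONE_NEWUSER*/` in `unshare_flags` suggests the mapping is waiting on the user namespace. I would delete both commented-out pieces and leave one line such as `/* TODO: re-enable uid/gid mapping together with CLONE_NEWUSER */`, or put both under a single `#if` so they cannot drift apart. jail_childfn's body starts and ends outside these hunks.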
@@ -247,11 +247,12 @@ static int jail_childfn(prisoner_process *ctx)
if (!ctx->newroot)
FATAL("New root set for pid %d", self_pid);
+ if (clearenv())
+ FATAL("Clearing ENV for pid %d", self_pid);
+
D2("Unshare prisoner %d", self_pid);
if (unshare(unshare_flags))
FATAL("Unshare prisoner %d", self_pid);
- if (update_uid_map(getpid(), ug_map))
- FATAL("UID mapping for %d", getpid());
D2("Safe change root to: '%s'", ctx->newroot);
if (safe_chroot(ctx->newroot))
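Review bot: With `update_uid_map()` removed and `CLONE_NEWUSER` still commented out in `unshare_flags`, nothing visible in this diff changes the prisoner's credentials between `unshare()` and the `execl(path_shell, ...)` in the last hunk. Unsharing these namespaces without a user namespace needs CAP_SYS_ADMIN, so the process presumably runs privileged here, and `chroot` does not contain a process that keeps those capabilities. If credentials are not dropped somewhere outside the hunks, the jailed shell should get an explicit `setgroups`/`setgid`/`setuid` to an unprivileged id or a capability drop before the exec; at minimum add a comment like `/* NOTE: prisoner keeps caller's credentials until user namespaces are enabled */`. Separately, after the new `clearenv()` the shell starts with an empty environment, so consider setting a minimal fixed `PATH` before `execl`.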
@@ -308,6 +309,14 @@ static int jail_childfn(prisoner_process *ctx)
case 0:
if (mount_proc(path_proc))
exit(EXIT_FAILURE);
+/*
+ if (update_setgroups_self(0))
+ exit(EXIT_FAILURE);
+ if (update_guid_map(getpid(), ug_map, 0))
+ exit(EXIT_FAILURE);
+ if (update_guid_map(getpid(), ug_map, 1))
+ exit(EXIT_FAILURE);
+*/
if (close_fds_except(0, 1, 2, -1))
exit(EXIT_FAILURE);
if (execl(path_shell, path_shell, (char *) NULL))