POTD skeleton #56.

Signed-off-by: lns <matzeton@googlemail.com>
author: lns <matzeton@googlemail.com> 2018-05-15 22:59:34 +0200
committer: lns <matzeton@googlemail.com> 2018-05-15 22:59:34 +0200
commit: ffdf43212d29d38e51e067c04891c600f5318c01 (patch)
tree: d88af2881ff786214e0fe9b77765e163e568904b /src/jail.c
parent: 813b4e3e5fc16a69c35bfcd1c4eba248c11f3e7c (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/jail.c b/src/jail.c
index 8a2f410..b083c5a 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -233,6 +233,7 @@ static int jail_childfn(prisoner_process *ctx)
     int s, master_fd;
     int unshare_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|
         CLONE_NEWNS|CLONE_NEWNET/*|CLONE_NEWUSER*/;
+    unsigned int ug_map[3] = { 0, 10000, 65535 };
     pid_t self_pid, child_pid;
 
     assert(ctx);
@@ -249,6 +250,8 @@ static int jail_childfn(prisoner_process *ctx)
     D2("Unshare prisoner %d", self_pid);
     if (unshare(unshare_flags))
         FATAL("Unshare prisoner %d", self_pid);
+    if (update_uid_map(getpid(), ug_map))
+        FATAL("UID mapping for %d", getpid());
 
     D2("Safe change root to: '%s'", ctx->newroot);
     if (safe_chroot(ctx->newroot))
author	lns <matzeton@googlemail.com>	2018-05-15 22:59:34 +0200
committer	lns <matzeton@googlemail.com>	2018-05-15 22:59:34 +0200
commit	ffdf43212d29d38e51e067c04891c600f5318c01 (patch)
tree	d88af2881ff786214e0fe9b77765e163e568904b /src/jail.c
parent	813b4e3e5fc16a69c35bfcd1c4eba248c11f3e7c (diff)