proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-15 12:06:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lxc_map_ids: add a comment

Browse Source 
Explain why we insist that root use newuidmap if it is available.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This commit is contained in:
Serge Hallyn 2014-09-15 00:35:02 +00:00 committed by Stéphane Graber
parent dc5518b82e
commit 22038de5f2
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/lxc/conf.c
View File

@ -3429,6 +3429,12 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
enum idtype type; enum idtype type;
char *buf = NULL, *pos, *cmdpath = NULL; char *buf = NULL, *pos, *cmdpath = NULL;
/*
* If newuidmap exists, that is, if shadow is handing out subuid
* ranges, then insist that root also reserve ranges in subuid. This
* will protected it by preventing another user from being handed the
* range by shadow.
*/
cmdpath = on_path("newuidmap", NULL); cmdpath = on_path("newuidmap", NULL);
if (cmdpath) { if (cmdpath) {
use_shadow = 1; use_shadow = 1;