proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-05 19:50:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lxc-checkconfig: verify new[ug]idmap are setuid-root

Browse Source 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
This commit is contained in:
Serge Hallyn 2017-03-14 13:16:48 -05:00
parent 50de283493
commit f974149d92
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/lxc/tools/lxc-checkconfig.in
View File

@ -88,6 +88,24 @@ echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
echo -n "User namespace: " && is_enabled CONFIG_USER_NS
if is_set CONFIG_USER_NS; then
if type newuidmap > /dev/null 2>&1; then
f=`type -P newuidmap`
if [ ! -u "${f}" ]; then
echo "Warning: newuidmap is not setuid-root"
fi
else
echo "newuidmap is not installed"
fi
if type newgidmap > /dev/null 2>&1; then
f=`type -P newgidmap`
if [ ! -u "${f}" ]; then
echo "Warning: newgidmap is not setuid-root"
fi
else
echo "newgidmap is not installed"
fi
fi
echo -n "Network namespace: " && is_enabled CONFIG_NET_NS
if ([ $KVER_MAJOR -lt 4 ]) || ([ $KVER_MAJOR -eq 4 ] && [ $KVER_MINOR -lt 7 ]); then
echo -n "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES