From f2e96b0934a6d1b3aac8a1d931e790c6226dd4e0 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 19 Dec 2018 18:07:03 +0100 Subject: rootless: add function to join user and mount namespace Add the possibility to join directly the user and mount namespace without looking up the parent of the user namespace. We need this in order to be able the conmon process, as the mount namespace is kept alive only there. Signed-off-by: Giuseppe Scrivano --- pkg/rootless/rootless_linux.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'pkg/rootless/rootless_linux.c') diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index 9eb16c1a5..1d28ff68d 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -99,7 +99,7 @@ get_cmd_line_args (pid_t pid) } int -reexec_userns_join (int userns) +reexec_userns_join (int userns, int mountns) { pid_t ppid = getpid (); char uid[16]; @@ -131,6 +131,13 @@ reexec_userns_join (int userns) } close (userns); + if (mountns >= 0 && setns (mountns, 0) < 0) + { + fprintf (stderr, "cannot setns: %s\n", strerror (errno)); + _exit (EXIT_FAILURE); + } + close (userns); + if (syscall_setresgid (0, 0, 0) < 0) { fprintf (stderr, "cannot setresgid: %s\n", strerror (errno)); -- cgit v1.2.3-54-g00ecf