unshare: Add possibility to add mapping into root user in user namespace

This makes it very convenient to use make use of privileged actions
on CONFIG_USER_NS enabled kernels, without having to manually tinker
with uid_map and gid_map to obtain required credentials (as those
given upon unshare() vanish with call to execve() and lot of userspace
checks for euid==0 anyway).

Usage example:

$ unshare --uts
unshare: unshare failed: Operation not permitted

$ unshare --user --uts
[nfsnobody@odvarok ~]$ hostname swag
hostname: you must be root to change the host name

$ unshare -r --uts
[root@odvarok util-linux]# hostname swag
[root@odvarok util-linux]#

[kzak@redhat.com: - move code to map_id()
                  - use all-io.h
                  - add paths to pathnames.h]

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Karel Zak <kzak@redhat.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/include/pathnames.h b/include/pathnames.h
index dce98d2a4..2957dacb5 100644
--- a/include/pathnames.h
+++ b/include/pathnames.h
@@ -87,6 +87,9 @@
 #define _PATH_PROC_LOCKS        "/proc/locks"
 #define _PATH_PROC_CDROMINFO	"/proc/sys/dev/cdrom/info"
 
+#define _PATH_PROC_UIDMAP	"/proc/self/uid_map"
+#define _PATH_PROC_GIDMAP	"/proc/self/gid_map"
+
 #define _PATH_PROC_ATTR_CURRENT	"/proc/self/attr/current"
 #define _PATH_PROC_ATTR_EXEC	"/proc/self/attr/exec"
 #define _PATH_PROC_CAPLASTCAP	"/proc/sys/kernel/cap_last_cap"