author | Karel Zak | 2015-01-08 12:52:43 +0100 |
---|---|---|
committer | Karel Zak | 2015-01-09 10:36:21 +0100 |
commit | e99a6626d6262266f012a20ae69c8e4573ee22fd (patch) | |
tree | 4b29fc9f9443bcfd55988198438f804a51cdc3b2 /sys-utils/nsenter.1 | |
parent | nsenter: keep semantic consistent (diff) | |

nsenter: add --preserve-credentials and cleanup setgroups() usage

The new option --preserve-credentials completely disables all
operations related to UIDs and GIDs.

The patch also calls setgroups() before we enter user namespace (so
root can always clear their groups) and after we enter user namespace
(to detect /proc/self/setgroups "deny"). If both fail then nsenter
complains.

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Karel Zak <kzak@redhat.com>

Diffstat (limited to 'sys-utils/nsenter.1')
-rw-r--r-- | sys-utils/nsenter.1 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys-utils/nsenter.1 b/sys-utils/nsenter.1 index 487f731dc..0b1fceb36 100644 --- a/sys-utils/nsenter.1 +++ b/sys-utils/nsenter.1 @@ -136,6 +136,10 @@ Set the user ID which will be used in the entered namespace. .BR nsenter (1) always sets UID for user namespaces, the default is 0. .TP +\fB\-\-preserve-credentials\fR +Don't modify UID and GID when enter user namespace. The default is to +drops supplementary groups and sets GID and UID to 0. +.TP \fB\-r\fR, \fB\-\-root\fR[=\fIdirectory\fR] Set the root directory. If no directory is specified, set the root directory to the root directory of the target process. If directory is specified, set the |
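
Review bot: The added \-\-preserve-credentials entry understates what the option does and has grammar errors in both sentences. The commit message says the option disables all UID and GID operations, and the entry's own second sentence lists dropping supplementary groups as part of the default, but the first sentence only says "Don't modify UID and GID", so a reader cannot tell that supplementary groups are also left untouched. For a credential-handling switch that should be explicit, for example "Don't modify UID, GID or supplementary groups when entering a user namespace. The default is to drop supplementary groups and set GID and UID to 0." That wording also fixes "when enter user namespace" and "is to drops ... and sets". Separately, the unchanged context line just above the new entry still reads "always sets UID for user namespaces, the default is 0", which is no longer true once this option exists; that sentence should be qualified in the same patch.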