From 4da21e374e34350941d54f7b0fe33a06d92e9eaa Mon Sep 17 00:00:00 2001
From: Lubomir Rintel
Date: Fri, 27 Dec 2013 22:14:48 +0100
Subject: unshare: Add possibility to add mapping into root user in user namespace
This makes it very convenient to use make use of privileged actions on CONFIG_USER_NS enabled kernels, without having to manually tinker with uid_map and gid_map to obtain required credentials (as those given upon unshare() vanish with call to execve() and lot of userspace checks for euid==0 anyway). Usage example: $ unshare --uts unshare: unshare failed: Operation not permitted $ unshare --user --uts [nfsnobody@odvarok ~]$ hostname swag hostname: you must be root to change the host name $ unshare -r --uts [root@odvarok util-linux]# hostname swag [root@odvarok util-linux]# [kzak@redhat.com: - move code to map_id() - use all-io.h - add paths to pathnames.h]
Signed-off-by: Lubomir Rintel
Signed-off-by: Karel Zak
---
 include/pathnames.h | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'include/pathnames.h')
diff --git a/include/pathnames.h b/include/pathnames.h
index dce98d2a4..2957dacb5 100644
--- a/include/pathnames.h
+++ b/include/pathnames.h
@@ -87,6 +87,9 @@
 #define _PATH_PROC_LOCKS "/proc/locks"
 #define _PATH_PROC_CDROMINFO "/proc/sys/dev/cdrom/info"
+#define _PATH_PROC_UIDMAP "/proc/self/uid_map"
+#define _PATH_PROC_GIDMAP "/proc/self/gid_map"
+
 #define _PATH_PROC_ATTR_CURRENT "/proc/self/attr/current"
 #define _PATH_PROC_ATTR_EXEC "/proc/self/attr/exec"
 #define _PATH_PROC_CAPLASTCAP "/proc/sys/kernel/cap_last_cap"
--
cgit v1.2.3-55-g7522
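Review bot: The new `_PATH_PROC_UIDMAP` and `_PATH_PROC_GIDMAP` macros in the pathnames.h hunk carry no comment, although they are the only paths in this group that control credentials rather than report state. I would put `/* user namespace ID mappings, each writable once per namespace; see user_namespaces(7) */` above them. The code that writes them (map_id(), going by the commit message) is outside this view, which is limited to include/pathnames.h, so the following is a caveat for that caller rather than a defect visible here. Kernels from 3.19 on refuse an unprivileged write to gid_map until `deny` has been written to /proc/self/setgroups, so the caller should treat a failed or short write as fatal instead of continuing with an unmapped identity.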