[PATCH 11/11] newuidmap,newgidmap: New suid helpers for using subordinate uids and gids

Serge E. Hallyn serge at hallyn.com
Fri Oct 25 20:30:25 UTC 2013


Quoting Eric W. Biederman (ebiederm at xmission.com):

Hi,

> +static bool verify_range(struct passwd *pw, struct map_range *range)
> +{
> +	/* An empty range is invalid */
> +	if (range->count == 0)
> +		return false;
> +
> +	/* Test /etc/subuid */
> +	if (have_sub_uids(pw->pw_name, range->lower, range->count))
> +		return true;

I think the have_sub_uids() test should be skipped if we started
out as root.  Is there a reason not to do that?

-serge


More information about the Containers mailing list