Improve the way uid/gid changes in unprivileged userns
This change uses whatever was passed into the -u/-g flags as the user to change
in the user namespace. This is used to fix an issue where calling open(2) on a
file on the tmpfs created by minijail would return EOVERFLOW[1]. An easy way to
reproduce is running this on a 4.8 kernel (or Ubuntu Xenial, which has this
change backported):
$ ./minijail0 -T static -Ut -- /bin/bash -c 'touch /tmp/foo'
This change allows a non-zero uid/gid to be mapped to the current user when
entering a namespace, to avoid the above issue.
1: More information about the bug here:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1659087
Bug: None
Test: make tests
Test: ./minijail0 -T static -Ut -u 1000 -g 1000 -M -m -- \
/bin/bash -c 'touch /tmp/foo'
Change-Id: I393daaf8c2b2355e33c75a908345bb03f1980271
diff --git a/system.h b/system.h
index 93537bf..2bdebe5 100644
--- a/system.h
+++ b/system.h
@@ -65,6 +65,9 @@
int setup_mount_destination(const char *source, const char *dest, uid_t uid,
uid_t gid, bool bind);
+int lookup_user(const char *user, uid_t *uid, gid_t *gid);
+int lookup_group(const char *group, gid_t *gid);
+
#ifdef __cplusplus
}; /* extern "C" */
#endif
