Allow entering a user namespace with a default gid mapping.

https://android-review.googlesource.com/253910 added functionality to
enter a user namespace with a default uid mapping. This CL completes
that with a default gid mapping.

This is useful when using user namespaces to gain root inside a
namespace. Note that setting the gid map as a non-root user requires
disabling the setgroups(2) system call by writing "deny" to
/proc/[pid]/setgroups.

Eventually we might expose disabling setgroups(2) as a command-line
option, but there's no need to do it now.

Bug: 30691131
Test: Using minijail0:
$ ./minijail0 -m /usr/bin/id
uid=0(root) gid=65534(nogroup) groups=0(root),65534(nogroup)
$ ./minijail0 -m -M /usr/bin/id
uid=0(root) gid=0(root) groups=0(root),65534(nogroup)

Change-Id: I8f91bc43516a47df7bbf12a121cf658e89861aa0
3 files changed
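
The setgroups(2) requirement described in the commit message, shown as an added C example (not minijail's code): an unprivileged process enters a new user namespace and writes a one-line gid map, once without and once with "deny" written to /proc/self/setgroups. The names `write_proc`, `format_default_map` and `try_gid_map` are hypothetical, and reading "default" as "ID 0 inside maps to the caller's own ID outside" is an assumption.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write a string to a /proc file; returns 0 on success, -errno on failure. */
static int write_proc(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -errno;
    int rc = write(fd, s, strlen(s)) < 0 ? -errno : 0;
    close(fd);
    return rc;
}

/* One-line map: ID 0 inside the namespace maps to outside_id (assumed meaning of "default"). */
int format_default_map(char *buf, size_t n, unsigned outside_id) {
    return snprintf(buf, n, "0 %u 1", outside_id);
}

/* Forks so the caller's namespaces stay untouched. Returns -1 if a user
 * namespace cannot be set up here, else a bitmask:
 * bit 0 = gid_map write accepted, bit 1 = getgid() == 0 afterwards. */
int try_gid_map(int deny_setgroups) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char map[32];
        gid_t outside = getgid();  /* read before unshare(2) */
        if (unshare(CLONE_NEWUSER) != 0) _exit(100);
        /* The kernel accepts an unprivileged gid_map write only once setgroups(2) is denied. */
        if (deny_setgroups && write_proc("/proc/self/setgroups", "deny") != 0) _exit(100);
        format_default_map(map, sizeof(map), (unsigned)outside);
        int ok = write_proc("/proc/self/gid_map", map) == 0;
        _exit(ok | ((getgid() == 0) << 1));
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 100) return -1;
    return WEXITSTATUS(st);
}

int main(void) {
    printf("without deny: %d\nwith deny:    %d\n", try_gid_map(0), try_gid_map(1));
    return 0;
}
```

On a kernel that permits unprivileged user namespaces, `try_gid_map(0)` returns 0 because the gid_map write is rejected, and `try_gid_map(1)` returns 3.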