Improve the way uid/gid changes in unprivileged userns
This change uses whatever was passed into the -u/-g flags as the user to change
in the user namespace. This is used to fix an issue where calling open(2) on a
file on the tmpfs created by minijail would return EOVERFLOW[1]. An easy way to
reproduce is running this on a 4.8 kernel (or Ubuntu Xenial, which has this
change backported):
$ ./minijail0 -T static -Ut -- /bin/bash -c 'touch /tmp/foo'
This change allows a non-zero uid/gid to be mapped to the current user when
entering a namespace, to avoid the above issue.
1: More information about the bug here:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1659087
Bug: None
Test: make tests
Test: ./minijail0 -T static -Ut -u 1000 -g 1000 -M -m -- \
/bin/bash -c 'touch /tmp/foo'
Change-Id: I393daaf8c2b2355e33c75a908345bb03f1980271
diff --git a/system.c b/system.c
index 7d72eaa..11903a4 100644
--- a/system.c
+++ b/system.c
@@ -17,7 +17,9 @@
#include <errno.h>
#include <fcntl.h>
+#include <grp.h>
#include <net/if.h>
+#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
@@ -287,3 +289,73 @@
}
return chown(dest, uid, gid);
}
+
+/*
+ * lookup_user: Gets the uid/gid for the given username.
+ */
+int lookup_user(const char *user, uid_t *uid, gid_t *gid)
+{
+ char *buf = NULL;
+ struct passwd pw;
+ struct passwd *ppw = NULL;
+ ssize_t sz = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (sz == -1)
+ sz = 65536; /* your guess is as good as mine... */
+
+ /*
+ * sysconf(_SC_GETPW_R_SIZE_MAX), under glibc, is documented to return
+ * the maximum needed size of the buffer, so we don't have to search.
+ */
+ buf = malloc(sz);
+ if (!buf)
+ return -ENOMEM;
+ getpwnam_r(user, &pw, buf, sz, &ppw);
+ /*
+ * We're safe to free the buffer here. The strings inside |pw| point
+ * inside |buf|, but we don't use any of them; this leaves the pointers
+ * dangling but it's safe. |ppw| points at |pw| if getpwnam_r(3)
+ * succeeded.
+ */
+ free(buf);
+ /* getpwnam_r(3) does *not* set errno when |ppw| is NULL. */
+ if (!ppw)
+ return -1;
+
+ *uid = ppw->pw_uid;
+ *gid = ppw->pw_gid;
+ return 0;
+}
+
+/*
+ * lookup_group: Gets the gid for the given group name.
+ */
+int lookup_group(const char *group, gid_t *gid)
+{
+ char *buf = NULL;
+ struct group gr;
+ struct group *pgr = NULL;
+ ssize_t sz = sysconf(_SC_GETGR_R_SIZE_MAX);
+ if (sz == -1)
+ sz = 65536; /* and mine is as good as yours, really */
+
+ /*
+ * sysconf(_SC_GETGR_R_SIZE_MAX), under glibc, is documented to return
+ * the maximum needed size of the buffer, so we don't have to search.
+ */
+ buf = malloc(sz);
+ if (!buf)
+ return -ENOMEM;
+ getgrnam_r(group, &gr, buf, sz, &pgr);
+ /*
+ * We're safe to free the buffer here. The strings inside gr point
+ * inside buf, but we don't use any of them; this leaves the pointers
+ * dangling but it's safe. pgr points at gr if getgrnam_r succeeded.
+ */
+ free(buf);
+ /* getgrnam_r(3) does *not* set errno when |pgr| is NULL. */
+ if (!pgr)
+ return -1;
+
+ *gid = pgr->gr_gid;
+ return 0;
+}