This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.26.9000-790-gea69a5c


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  ea69a5c87498ba94eb804ab628000ecfc50d6710 (commit)
      from  8db7f48cb74670829df037b2d037df3f36b71ecd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea69a5c87498ba94eb804ab628000ecfc50d6710

commit ea69a5c87498ba94eb804ab628000ecfc50d6710
Author: Christian Brauner <christian.brauner@ubuntu.com>
Date:   Sat Nov 18 16:22:01 2017 +0100

    support_become_root: Don't fail when /proc/<pid>/setgroups is missing
    
    The requirement to write "deny" to /proc/<pid>/setgroups for a given user
    namespace before being able to write a gid mapping was introduced in Linux
    3.19.  Before that, this requirement, including the file, did not exist.
    So don't fail when errno == ENOENT.

diff --git a/ChangeLog b/ChangeLog
index b78f672..5e3d174 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-11-18  Christian Brauner <christian.brauner@ubuntu.com>
+
+	* support/support_become_root.c (setup_uid_gid_mapping): Don't fail
+	when /proc/<pid>/setgroups does not exist.
+
 2017-11-18  Florian Weimer  <fweimer@redhat.com>
 
 	* sysdeps/unix/sysv/linux/tst-ttyname.c
diff --git a/support/support_become_root.c b/support/support_become_root.c
index 5086570..e45c939 100644
--- a/support/support_become_root.c
+++ b/support/support_become_root.c
@@ -18,6 +18,7 @@
 
 #include <support/namespace.h>
 
+#include <errno.h>
 #include <fcntl.h>
 #include <sched.h>
 #include <stdio.h>
@@ -50,11 +51,21 @@ setup_uid_gid_mapping (uid_t original_uid, gid_t original_gid)
   xwrite (fd, buf, ret);
   xclose (fd);
 
-  /* Disable setgroups before mapping groups, otherwise that would
-     fail with EPERM.  */
-  fd = xopen ("/proc/self/setgroups", O_WRONLY, 0);
-  xwrite (fd, "deny\n", strlen ("deny\n"));
-  xclose (fd);
+  /* Linux 3.19 introduced the setgroups file.  We need write "deny" to this
+   * file otherwise writing to gid_map will fail with EPERM.  */
+  fd = open64 ("/proc/self/setgroups", O_WRONLY, 0);
+  if (fd < 0)
+    {
+      if (errno != ENOENT)
+        FAIL_EXIT1 ("open64 (\"/proc/self/setgroups\", 0x%x, 0%o): %m",
+                    O_WRONLY, 0);
+      /* This kernel doesn't expose the setgroups file so simply move on.  */
+    }
+  else
+    {
+      xwrite (fd, "deny\n", strlen ("deny\n"));
+      xclose (fd);
+    }
 
   /* Now map our own GID, like we did for the user ID.  */
   fd = xopen ("/proc/self/gid_map", O_WRONLY, 0);
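Review bot: The new comment above the open64 call reads "We need write" (missing "to") and starts its continuation line with " * ", which neither the removed comment nor the "Now map our own GID" comment in the same hunk does; suggest "We need to write "deny" to this file, otherwise writing to gid_map will fail with EPERM." with a plain indented continuation. The ENOENT branch is also silent, so a later gid_map failure on a kernel without the file gives no hint that the setgroups step was skipped; a short diagnostic there would make test logs easier to read. FAIL_EXIT1 is new in this function while the include hunk adds only <errno.h>, so please confirm the header that declares it is already included in this file.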

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                     |    5 +++++
 support/support_become_root.c |   21 ++++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

