Fail in --mode=unshare when newuidmap is not available
parent
5885291213
commit
84ea1e042b
1 changed files with 8 additions and 3 deletions
11
mmdebstrap
11
mmdebstrap
|
@ -304,7 +304,8 @@ sub shellescape {
|
||||||
}
|
}
|
||||||
|
|
||||||
sub test_unshare_userns {
|
sub test_unshare_userns {
|
||||||
my $verbose = shift;
|
my $verbose = shift;
|
||||||
|
my $unshare_fail = shift;
|
||||||
if ($EFFECTIVE_USER_ID == 0) {
|
if ($EFFECTIVE_USER_ID == 0) {
|
||||||
my $msg = "cannot unshare user namespace when executing as root";
|
my $msg = "cannot unshare user namespace when executing as root";
|
||||||
if ($verbose) {
|
if ($verbose) {
|
||||||
|
@ -345,7 +346,11 @@ sub test_unshare_userns {
|
||||||
if (($? >> 8) == 127) {
|
if (($? >> 8) == 127) {
|
||||||
my $msg = "cannot find newuidmap";
|
my $msg = "cannot find newuidmap";
|
||||||
if ($verbose) {
|
if ($verbose) {
|
||||||
warning $msg;
|
if ($unshare_fail) {
|
||||||
|
error $msg;
|
||||||
|
} else {
|
||||||
|
warning $msg;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
debug $msg;
|
debug $msg;
|
||||||
}
|
}
|
||||||
|
@ -4811,7 +4816,7 @@ sub main() {
|
||||||
}
|
}
|
||||||
# ...or we are not root and then we need to be able to unshare the user
|
# ...or we are not root and then we need to be able to unshare the user
|
||||||
# namespace.
|
# namespace.
|
||||||
if ($EFFECTIVE_USER_ID != 0 && !test_unshare_userns(1)) {
|
if ($EFFECTIVE_USER_ID != 0 && !test_unshare_userns(1, 1)) {
|
||||||
my $procfile = '/proc/sys/kernel/unprivileged_userns_clone';
|
my $procfile = '/proc/sys/kernel/unprivileged_userns_clone';
|
||||||
open(my $fh, '<', $procfile)
|
open(my $fh, '<', $procfile)
|
||||||
or error "failed to open $procfile: $!";
|
or error "failed to open $procfile: $!";
|
||||||
|
|
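Review bot: In test_unshare_userns the new `$unshare_fail` branch sits inside `if ($verbose)`, so a caller passing a false `$verbose` with a true `$unshare_fail` would still get only `debug $msg`, and the missing newuidmap would not stop the run (assuming `error` aborts, as the commit title implies). The one call visible here, `test_unshare_userns(1, 1)` in main, is unaffected, but the two flags are now silently coupled. Hoisting the check as `error $msg if $unshare_fail;` ahead of `if ($verbose) {` makes the hard failure independent of verbosity and lets the inner branch return to the plain `warning $msg;`. A short comment at the second `shift`, for example `# $unshare_fail: treat a missing newuidmap as fatal rather than a warning`, would also make the bare `1, 1` at the call site readable. The body of test_unshare_userns continues outside the shown hunks, so its other failure paths could not be checked against the new flag.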