mmdebstrap: fix perltidy formatting

This commit is contained in:
Johannes Schauer Marin Rodrigues 2024-06-26 07:32:30 +02:00
parent 37678c4fb5
commit 500b0d2512
Signed by untrusted user: josch
GPG key ID: F2CBA5C78FBD83E1

View file

@ -4293,8 +4293,8 @@ sub get_sourceslist_by_suite {
# the security mirror changes, starting with bullseye
# https://lists.debian.org/87r26wqr2a.fsf@43-1.org
my $bullseye_or_later = 0;
if (any { $_ eq $suite } ('oldstable', 'stable', 'bullseye', 'bookworm', 'trixie'))
{
if (any { $_ eq $suite }
('oldstable', 'stable', 'bullseye', 'bookworm', 'trixie')) {
$bullseye_or_later = 1;
}
my $distro_info = '/usr/share/distro-info/debian.csv';
@ -6973,13 +6973,29 @@ The above uses C<--map-auto> to map the block of user/group ids for the
effective user/group to a block starting at user/group ID 0. We also want to
map the current effective user/group ID into the subuid/subgid range using
C<--map-user> and C<--map-group>, respectively. But if that uid/gid overlaps
with the respective range, a "hole" will be removed from the mapping and the
remaining uid/gid values will get shifted. Thus, we map the current effective
user/group ID to the highest possible uid/gid, putting them at the end. Since
that means that the user/group will be "nobody" and not "root" inside the
namespace, C<--keep-caps> propagate permitted capabilities into the ambient set
and thus give the user C<CAP_DAC_OVERRIDE> and other capabilities that it
would've had.
with the respective range, a "hole" will be removed from the mapping by the
L<unshare(1)> utility and the remaining uid/gid values will get shifted. Thus,
we map the current effective user/group ID to the highest possible uid/gid,
putting them at the end. Since that means that the user/group will be "nobody"
and not "root" inside the namespace, C<--keep-caps> propagate permitted
capabilities into the ambient set and thus give the user C<CAP_DAC_OVERRIDE>
and other capabilities that it would've had. The following does B<NOT> work:
$ unshare --map-root-user --map-auto ... # or equavalient:
$ unshare --map-user=0 --map-group=0 --map-users=auto --map-groups=auto ...
Using the format of L<lxc-usernsexec(1)>, these options will result in the
following mapping:
0:$UID:1 + 1:$SUBUIDBASE:65535
So a hole is punched in the automatically mapped range at the very beginning to
make space for the user id of the current user as root inside the namespace and
the remaining uids are shifted. With C<--map-user=65536> the mapping is as
follows and places the current user at the end of the range, preventing any
shifting:
0:$SUBUIDBASE:65536 + 65536:$UID:1
Lastly, if you don't mind using superuser privileges and have systemd-nspawn
available and you know your subuid/subgid offset (100000 in this example):