Fail in --mode=unshare when newuidmap is not available

This commit is contained in:
Jochen Sprickerhof 2023-02-22 10:07:06 +01:00 committed by Johannes Schauer Marin Rodrigues
parent 5885291213
commit 84ea1e042b
Signed by untrusted user: josch
GPG key ID: F2CBA5C78FBD83E1

View file

@ -304,7 +304,8 @@ sub shellescape {
} }
sub test_unshare_userns { sub test_unshare_userns {
my $verbose = shift; my $verbose = shift;
my $unshare_fail = shift;
if ($EFFECTIVE_USER_ID == 0) { if ($EFFECTIVE_USER_ID == 0) {
my $msg = "cannot unshare user namespace when executing as root"; my $msg = "cannot unshare user namespace when executing as root";
if ($verbose) { if ($verbose) {
@ -345,7 +346,11 @@ sub test_unshare_userns {
if (($? >> 8) == 127) { if (($? >> 8) == 127) {
my $msg = "cannot find newuidmap"; my $msg = "cannot find newuidmap";
if ($verbose) { if ($verbose) {
warning $msg; if ($unshare_fail) {
error $msg;
} else {
warning $msg;
}
} else { } else {
debug $msg; debug $msg;
} }
@ -4811,7 +4816,7 @@ sub main() {
} }
# ...or we are not root and then we need to be able to unshare the user # ...or we are not root and then we need to be able to unshare the user
# namespace. # namespace.
if ($EFFECTIVE_USER_ID != 0 && !test_unshare_userns(1)) { if ($EFFECTIVE_USER_ID != 0 && !test_unshare_userns(1, 1)) {
my $procfile = '/proc/sys/kernel/unprivileged_userns_clone'; my $procfile = '/proc/sys/kernel/unprivileged_userns_clone';
open(my $fh, '<', $procfile) open(my $fh, '<', $procfile)
or error "failed to open $procfile: $!"; or error "failed to open $procfile: $!";