nspawn: optionally fix up OS tree uid/gids for userns

This adds a new --private-userns-chown switch that may be used in combination with --private-userns. If it is passed a recursive chmod() operation is run on the OS tree, fixing all file owner UID/GIDs to the right ranges. This should make user namespacing pretty workable, as the OS trees don't need to be prepared manually anymore.
mohit84 · Apr 25, 2016 · 7336138 · 7336138
1 parent 6402d5c
commit 7336138
Show file tree

Hide file tree

Showing 6 changed files with 560 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -240,6 +240,7 @@
 /test-ns
 /test-nss
 /test-parse-util
+/test-patch-uid
 /test-path
 /test-path-lookup
 /test-path-util

diff --git a/Makefile.am b/Makefile.am
@@ -3021,6 +3021,8 @@ systemd_nspawn_SOURCES = \
 	src/nspawn/nspawn-setuid.h \
 	src/nspawn/nspawn-stub-pid1.c \
 	src/nspawn/nspawn-stub-pid1.h \
+	src/nspawn/nspawn-patch-uid.c \
+	src/nspawn/nspawn-patch-uid.h \
 	src/core/mount-setup.c \
 	src/core/mount-setup.h \
 	src/core/loopback-setup.c \
@@ -3048,6 +3050,17 @@ systemd_nspawn_LDADD += \
 	libfirewall.la
 endif
 
+test_patch_uid_SOURCES = \
+	src/nspawn/nspawn-patch-uid.c \
+	src/nspawn/nspawn-patch-uid.h \
+	src/nspawn/test-patch-uid.c
+
+test_patch_uid_LDADD = \
+	libshared.la
+
+manual_tests += \
+	test-patch-uid
+
 # ------------------------------------------------------------------------------
 systemd_run_SOURCES = \
 	src/run/run.c