machine: ignore containers which disable private user namespace in MapToMachine{User...

author Yu Watanabe <watanabe.yu+github@gmail.com>

Wed, 13 Jun 2018 14:59:35 +0000 (23:59 +0900)

committer Lennart Poettering <lennart@poettering.net>

Wed, 13 Jun 2018 17:05:32 +0000 (19:05 +0200)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 13 Jun 2018 14:59:35 +0000 (23:59 +0900)
committer Lennart Poettering <lennart@poettering.net>
Wed, 13 Jun 2018 17:05:32 +0000 (19:05 +0200)
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c

index cb46718696dd5df4941b49bb19e38d6fe65a3c2c..f45e592062231152e47c37796396fb5e89b33dda 100644 (file)
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -1010,6 +1010,10 @@ static int method_map_to_machine_user(sd_bus_message *message, void *userdata, s
                                  return -EIO;
                          }
  
+                        /* The private user namespace is disabled, ignoring. */
+                        if (uid_shift == 0)
+                                continue;
+
                          if (uid < uid_shift || uid >= uid_shift + uid_range)
                                  continue;
  
@@ -1128,6 +1132,10 @@ static int method_map_to_machine_group(sd_bus_message *message, void *groupdata,
                                  return -EIO;
                          }
  
+                        /* The private user namespace is disabled, ignoring. */
+                        if (gid_shift == 0)
+                                continue;
+
                          if (gid < gid_shift || gid >= gid_shift + gid_range)
                                  continue;
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Wed, 13 Jun 2018 14:59:35 +0000 (23:59 +0900)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 13 Jun 2018 17:05:32 +0000 (19:05 +0200)