diff options
author | Pádraig Brady <P@draigBrady.com> | 2014-03-03 01:54:36 +0000 |
---|---|---|
committer | Pádraig Brady <P@draigBrady.com> | 2014-03-13 14:07:45 +0000 |
commit | e972be3c4b9ee5c00933e80e2756b4601baf66cc (patch) | |
tree | 5a2b00bd7b65c9d05192c71ed6bdfad84cedda77 /NEWS | |
parent | 08140ecd48de9a5970992ab284dd11dbd3a0b14d (diff) | |
download | coreutils-e972be3c4b9ee5c00933e80e2756b4601baf66cc.tar.xz |
chroot: improve --userspec and --groups look-up
- Support arbitrary numbers in --groups, consistent with
what is already done for --userspec
- Avoid look-ups entirely for --groups items with a leading '+'
- Support names that are actually numbers in --groups
- Ignore an empty --groups="" option for consistency with --userspec
- Look up both inside and outside the chroot with inside taking
precedence. The look-up outside may load required libraries
to complete the look-up inside the chroot. This can happen for
example with a 32 bit chroot on a 64 bit system, where the
32 bit NSS plugins within the chroot fail to load.
* src/chroot.c (parse_additional_groups): A new function refactored
from set_addition_groups(), to just do the parsing. The actual
setgroups() call is separated out for calling from the chroot later.
(main): Call parse_user_spec() and parse_additional_groups()
both outside and inside the chroot for the reasons outlined above.
* tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs
can be specified without causing look-up errors.
* NEWS: Mention the improvements.
* THANKS.in: Add Norihiro Kamae who initially reported the issue
with a proposed patch.
Also thanks to Dmitry V. Levin for his diagnosis and sample patch.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -35,6 +35,10 @@ GNU coreutils NEWS -*- outline -*- ** Improvements + chroot has better --userspec and --group look-ups, with numeric IDs never + causing name look-up errors. Also look-ups are first done outside the chroot, + in case the look-up within the chroot fails due to library conflicts etc. + stat and tail work better with HFS+ and HFSX. stat -f --format=%T now reports the file system type, and tail -f now uses inotify for files, rather than the default of issuing a warning and reverting to polling. |