From e972be3c4b9ee5c00933e80e2756b4601baf66cc Mon Sep 17 00:00:00 2001 From: Pádraig Brady Date: Mon, 3 Mar 2014 01:54:36 +0000 Subject: chroot: improve --userspec and --groups look-up - Support arbitrary numbers in --groups, consistent with what is already done for --userspec - Avoid look-ups entirely for --groups items with a leading '+' - Support names that are actually numbers in --groups - Ignore an empty --groups="" option for consistency with --userspec - Look up both inside and outside the chroot with inside taking precedence. The look-up outside may load required libraries to complete the look-up inside the chroot. This can happen for example with a 32 bit chroot on a 64 bit system, where the 32 bit NSS plugins within the chroot fail to load. * src/chroot.c (parse_additional_groups): A new function refactored from set_addition_groups(), to just do the parsing. The actual setgroups() call is separated out for calling from the chroot later. (main): Call parse_user_spec() and parse_additional_groups() both outside and inside the chroot for the reasons outlined above. * tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs can be specified without causing look-up errors. * NEWS: Mention the improvements. * THANKS.in: Add Norihiro Kamae who initially reported the issue with a proposed patch. Also thanks to Dmitry V. Levin for his diagnosis and sample patch. --- THANKS.in | 1 + 1 file changed, 1 insertion(+) (limited to 'THANKS.in') diff --git a/THANKS.in b/THANKS.in index fb7d6e084..561d18ce2 100644 --- a/THANKS.in +++ b/THANKS.in @@ -469,6 +469,7 @@ Nima Nikzad nnikzad@ucla.edu Noah Friedman friedman@splode.com Noel Cragg noel@red-bean.com Norbert Kiesel nkiesel@tbdnetworks.com +Norihiro Kamae norihiro@nagater.net Olatunji Oluwabukunmi Ruwase tjruwase@stanford.edu Olav Morkrid olav@funcom.com Ole Laursen olau@hardworking.dk -- cgit v1.2.3-54-g00ecf