[Pkg-shadow-devel] [PATCH 00/11] pkg-shadow support subordinate ids with user namespaces

Eric W. Biederman ebiederm at xmission.com
Thu Mar 7 22:56:00 UTC 2013 

"Serge E. Hallyn" <serge at hallyn.com> writes:

> Quoting Dwight Engen (dwight.engen at oracle.com):
> ...
>> diff -ur shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
>> --- shadow-4.1.5.1.orig/src/usermod.c	2013-03-06 16:20:53.872175769 -0500
>> +++ shadow-4.1.5.1/src/usermod.c	2013-03-06 16:53:17.560141517 -0500
>> @@ -410,9 +410,9 @@
>>  	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
>>  	(void) fputs (_("  -U, --unlock                  unlock the user account\n"), usageout);
>>  	(void) fputs (_("  -v, --add-subuids FIRST-LAST  add range of subordinate uids\n"), usageout);
>> -	(void) fputs (_("  -V, --del-subuids FIRST-LAST  remvoe range of subordinate uids\n"), usageout);
>> +	(void) fputs (_("  -V, --del-subuids FIRST-LAST  remove range of subordinate uids\n"), usageout);
>>  	(void) fputs (_("  -w, --add-subgids FIRST-LAST  add range of subordinate gids\n"), usageout);
>> -	(void) fputs (_("  -W, --del-subgids FIRST-LAST  remvoe range of subordinate gids\n"), usageout);
>> +	(void) fputs (_("  -W, --del-subgids FIRST-LAST  remove range of subordinate gids\n"), usageout);
>>  #ifdef WITH_SELINUX
>>  	(void) fputs (_("  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account\n"), usageout);
>>  #endif				/* WITH_SELINUX */
>> @@ -993,9 +993,9 @@
>>  		};
>>  		while ((c = getopt_long (argc, argv,
>>  #ifdef WITH_SELINUX
>> -			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
>> +			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:Uv:V:w:W:Z:",
>>  #else				/* !WITH_SELINUX */
>> -			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
>> +			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:Uv:V:w:W:",
>>  #endif				/* !WITH_SELINUX */
>>  			                 long_options, NULL)) != -1) {
>>  			switch (c) {
>
> This hunk I've already emailed to Eric :)  
> Note there is also a "break;" needed around line 1141.
>
> Great to see more people testing this.  Hopefully it will help to ease the
> mind of the maintainers in considering merging this.

Yes.  It looks like we are going to have to setup a public repository
somewhere to collect all of the changes and bug fixes.  Not that I
expect too many but clearly there are a few needed.

Sigh I was hoping shadow had an active mainter, and creating a public
feature branch would not have been necessary.

Eric

More information about the Pkg-shadow-devel mailing list