[Pkg-shadow-devel] [test] newuidmap/newgidmap]

Philippe Grégoire gregoirep at hotmail.com
Wed Jun 4 22:30:19 UTC 2014


Forgot to Cc to the list...


-------- Original Message --------
From: "Philippe Grégoire" <gregoirep at hotmail.com>
Sent: June 4, 2014 11:27:48 EDT
To: Serge Hallyn <serge.hallyn at ubuntu.com>
Subject: Re: [Pkg-shadow-devel] [test] newuidmap/newgidmap]



On June 4, 2014 09:20:19 EDT, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>Quoting Philippe Grégoire (gregoirep at hotmail.com):
>> After all, what I asked for was for a precision in
>> newuidmap(1) stating that it is not meant to be used by privileged
>> users and advise to fall back on the kernel.
>
>Would something like the following in the newuidmap manpage
>help in your opinion?
>
>"The newuidmap sets /proc/[pid]/uid_map based on its command line
>arguments and the uids allowed in /etc/subuid.  The root user is not
>exempted from the requirement for a valid /etc/subuid entry."

Brief and precise. It mentions the issue we've met. I think that, yes, it would help.

I guess that the best practice, for toolsets, should be to ask the user if he's in subuid if newuidmap fails. And if the admin doesn't install uidmap/newuidmap, he won't be able to manage subuids... use unprivileged containers?

Wouldn't it be more practical and secure if subuid was in the kernel (a la apparmor)? I know Eric has arguments against it and I don't know enough about those points to comment, but is it really not an appropriate path? Just asking...

Thanks Serge and Eric,

P. G.
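
A pre-flight check a toolset could run when newuidmap fails, as an added example that is not part of the original message or of the shadow code base: it tests whether a requested host-uid range is covered by the owner's /etc/subuid entries, with root treated like any other user. The sample file contents and the function names are constructed for illustration, and only the /etc/subuid rule quoted above is checked, not everything newuidmap validates.

```python
# Constructed sample in /etc/subuid format (owner:start:count); not from a real host.
SAMPLE_SUBUID = """\
# constructed sample
alice:100000:65536
alice:165536:1000
bob:200000:65536
"""

def parse_subuid(text):
    """Return {owner: [(start, count), ...]}; skip blank, comment and malformed lines."""
    ranges = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3 or not (parts[1].isdigit() and parts[2].isdigit()):
            continue
        ranges.setdefault(parts[0], []).append((int(parts[1]), int(parts[2])))
    return ranges

def range_allowed(ranges, owner, lower, count):
    """True if host ids lower..lower+count-1 are all covered by owner's entries.

    No exemption for root: without an entry, root is refused like anyone else.
    """
    if count <= 0:
        return False
    end = lower + count  # exclusive upper bound of the request
    pos = lower          # first id not yet known to be covered
    for start, n in sorted(ranges.get(owner, [])):
        if start <= pos < start + n:
            pos = start + n  # entry covers pos; continue from its end
            if pos >= end:
                return True
    return False

def explain(ranges, owner, lower, count):
    """Message a toolset could show the user after newuidmap has failed."""
    if owner not in ranges:
        return f"{owner} has no entry in /etc/subuid"
    if not range_allowed(ranges, owner, lower, count):
        return f"{lower}..{lower + count - 1} is outside the subuid ranges of {owner}"
    return "ok"
```

On a real host the text would come from reading /etc/subuid, and the owner would be the login name of the user invoking newuidmap.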



