lxc-checkconfig: verify new[ug]idmap are setuid-root

Signed-off-by: Serge Hallyn <serge@hallyn.com>

src/lxc/tools/lxc-checkconfig.in

@@ -88,6 +88,24 @@ echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
 echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
 echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
 echo -n "User namespace: " && is_enabled CONFIG_USER_NS
+if is_set CONFIG_USER_NS; then
+	if type newuidmap > /dev/null 2>&1; then
+		f=`type -P newuidmap`
+		if [ ! -u "${f}" ]; then
+			echo "Warning: newuidmap is not setuid-root"
+		fi
+	else
+		echo "newuidmap is not installed"
+	fi
+	if type newgidmap > /dev/null 2>&1; then
+		f=`type -P newgidmap`
+		if [ ! -u "${f}" ]; then
+			echo "Warning: newgidmap is not setuid-root"
+		fi
+	else
+		echo "newgidmap is not installed"
+	fi
+fi
 echo -n "Network namespace: " && is_enabled CONFIG_NET_NS
 if ([ $KVER_MAJOR -lt 4 ]) || ([ $KVER_MAJOR -eq 4 ] && [ $KVER_MINOR -lt 7 ]); then
 	echo -n "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES