You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
idmaptool_on_path_and_privileged is supposed to control whether the newuidmap and newgidmap tools are used, skipping them if they lack both setuid and CAP_SETUID/CAP_SETGID file capabilities. However, if they lack any of these permissions, the function still returns success.
This appears to have been introduced by commit 3275932. The previous version stored the return value in a local variable, and the refactorer appears to have thought that this value was always set to one by the bottom of the function, when it could actually keep it's default value the whole way through.
Steps to reproduce
Remove setuid and all file capabilities from /usr/bin/newuidmap
Start a container with a non-trivial uid map
The text was updated successfully, but these errors were encountered:
Issue description
idmaptool_on_path_and_privileged is supposed to control whether the newuidmap and newgidmap tools are used, skipping them if they lack both setuid and CAP_SETUID/CAP_SETGID file capabilities. However, if they lack any of these permissions, the function still returns success.
This appears to have been introduced by commit 3275932. The previous version stored the return value in a local variable, and the refactorer appears to have thought that this value was always set to one by the bottom of the function, when it could actually keep it's default value the whole way through.
Steps to reproduce
The text was updated successfully, but these errors were encountered: