Add --require-userns build option for setuid mode

Some distributions may want to enforce this in the privileged case; it enforces stronger isolation rather than allowing users to cherry-pick namespaces. Closes: #141 Closes: #159 Approved by: valoq
containers · Jan 20, 2017 · c3a8858 · c3a8858
1 parent 3032e8c
commit c3a8858
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/bubblewrap.c b/bubblewrap.c
@@ -1718,6 +1718,12 @@ main (int    argc,
   if (!is_privileged && getuid () != 0)
     opt_unshare_user = TRUE;
 
+#ifdef ENABLE_REQUIRE_USERNS
+  /* In this build option, we require userns. */
+  if (is_privileged && getuid () != 0)
+    opt_unshare_user = TRUE;
+#endif
+
   if (opt_unshare_user_try &&
       stat ("/proc/self/ns/user", &sbuf) == 0)
     {

diff --git a/configure.ac b/configure.ac
@@ -100,6 +100,16 @@ AC_ARG_ENABLE(sudo,
               [SUDO_BIN="sudo"], [SUDO_BIN=""])
 AC_SUBST([SUDO_BIN])
 
+AC_ARG_ENABLE(require-userns,
+            AS_HELP_STRING([--enable-require-userns=yes/no (default no)],
+                           [Require user namespaces by default when installed suid]),
+            [],
+            [enable_require_userns="no"])
+
+AS_IF([ test "x$enable_require_userns" = "xyes" ], [
+        AC_DEFINE(ENABLE_REQUIRE_USERNS, 1, [Define if userns should be used by default in suid mode])
+     ])
+
 AC_CONFIG_FILES([
 Makefile
 ])
@@ -112,5 +122,6 @@ echo "
     man pages (xsltproc):                         $enable_man
     SELinux:                                      $have_selinux
     setuid mode on make install:                  $with_priv_mode
+    require default userns:                       $enable_require_userns
     mysteriously satisfying to pop:               yes"
 echo ""