
Add backend support for suboridnate uids and gids

These files list the set of subordinate uids and gids that users are allowed
to use. The expected use case is with the user namespace, but other uses are
allowed.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
ebiederm authored and hallyn committed Jan 22, 2013
1 parent 5620c5a commit f28ad4b251a42a35c29685850d1686a083cac725
Showing with 566 additions and 0 deletions.
  1. +8 −0 etc/login.defs
  2. +2 −0 lib/Makefile.am
  3. +6 −0 lib/getdef.c
  4. +512 −0 lib/subordinateio.c
  5. +38 −0 lib/subordinateio.h
@@ -226,6 +226,10 @@ UID_MAX 60000
# System accounts
SYS_UID_MIN 101
SYS_UID_MAX 999
# Extra per user uids
SUB_UID_MIN 100000
SUB_UID_MAX 600100000
SUB_UID_COUNT 10000
#
# Min/max values for automatic gid selection in groupadd(8)
@@ -235,6 +239,10 @@ GID_MAX 60000
# System accounts
SYS_GID_MIN 101
SYS_GID_MAX 999
# Extra per user group ids
SUB_GID_MIN 100000
SUB_GID_MAX 600100000
SUB_GID_COUNT 10000
#
# Max number of login(1) retries if password is bad
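Review bot: The new keys in both login.defs hunks are introduced only by `# Extra per user uids` and `# Extra per user group ids`, which does not tell an administrator what the three values mean or how they relate to the ranges defined just above them. Assuming SUB_UID_COUNT is the size of the block given to each user (the hunk does not say), the defaults yield roughly 60000 blocks of 10000 ids starting well above `UID_MAX 60000`, so they are disjoint today. The comment should state that the SUB_* range must stay disjoint from UID_MIN-UID_MAX and SYS_UID_MIN-SYS_UID_MAX, because an overlap would delegate ids that already belong to real accounts. A line such as `# Pool of subordinate uids (e.g. for user namespaces); must not overlap UID_MIN-UID_MAX or the system range` above the uid group, mirrored for gids in the second hunk, would cover it.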
@@ -39,6 +39,8 @@ libshadow_la_SOURCES = \
pwio.c \
pwio.h \
pwmem.c \
subordinateio.h \
subordinateio.c \
selinux.c \
semanage.c \
sgetgrent.c \
@@ -81,6 +81,12 @@ static struct itemdef def_table[] = {
{"SHA_CRYPT_MAX_ROUNDS", NULL},
{"SHA_CRYPT_MIN_ROUNDS", NULL},
#endif
{"SUB_GID_COUNT", NULL},
{"SUB_GID_MAX", NULL},
{"SUB_GID_MIN", NULL},
{"SUB_UID_COUNT", NULL},
{"SUB_UID_MAX", NULL},
{"SUB_UID_MIN", NULL},
{"SULOG_FILE", NULL},
{"SU_NAME", NULL},
{"SYS_GID_MAX", NULL},