Now it's possible to set UID and GID for user namespaces only. This
patch removes this restriction and allow to use --set{uid,gid} in all
cases. The default for user namespaces is still GID=0, UID=0.
Reported-by: Tomas Doran <bobtfish@bobtfish.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
Also, for renice, adapt the descriptions to the behaviour: the -g,
-p and -u options do not actually need to be followed by any ID.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Using -S (--setuid) and -G (--setgid) one can select the uid/gid which
will be used in the entered user namespace.
[kzak@redhat.com: - use setuid/gid unconditionally (always),
- update man page]
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Karel Zak <kzak@redhat.com>
The behaviour mimics chroot.
Possibly it would have been nicer to to query the password database in
the new namepace and run the shell of the user there, but it's hard to
do correctly. getpwuid() might need to load nss plugins, and the arch
in the new namespace might be different (in case of NEWNS mounts), or
the hostname might be different, etc. So in general it's not possible
to do it reliably.
Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Most visible change; the --target option has a path - explanation table
instead a long paragraph. This makes pairing of the information easier
for an average user such as me.
The rest of the changes are about aligning with howto, i.e., fix spaces
after dots, URL & mail address macros, remove inline emphasis where
possible, mark directory paths and words with underscore to be line
breakable, use optional option syntax from howto, cut line lenght to 80
chars.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The naming of this option was really confusing.
Just rename it for clarity.
[kzak@redhat.com: rebase to original code without --all]
Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Karel Zak <kzak@redhat.com>
Inspired by unshare, nsenter is a simple wrapper around setns that
allows running a new process in the context of an existing process.
Full paths may be specified to the namespace arguments so that
namespace file descriptors may be used wherever they reside in the
filesystem.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Karel Zak
Benno Schulenberg
Richard Weinberger
Zbigniew Jędrzejewski-Szmek
Sami Kerola
Eric W. Biederman