GNU bug report logs - #72337
Add /etc/subuid and /etc/subgid support

Package: guix-patches;

Reported by: paul <goodoldpaul <at> autistici.org>

Date: Sun, 28 Jul 2024 15:26:01 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


Message #50 received at 72337 <at> debbugs.gnu.org (full text, mbox):

From: paul <goodoldpaul <at> autistici.org>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 72337 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>,
 Florian Pelz <pelzflorian <at> pelzflorian.de>,
 Matthew Trzcinski <matt <at> excalamus.com>
Subject: Re: bug#72337: Add /etc/subuid and /etc/subgid support
Date: Sat, 7 Sep 2024 22:44:19 +0200

Hi Ludo’,

I'm sending an updated v4 patchset that should address most of your 
comments. One point I'm not sure about is still how to use newuidmap. 
I've added a smoke test checking the content of /proc/self/uid_map 
inside a podman unshare command. I'm not sure that is sufficient but for 
a full Guile implementation I would wait for another issue if you agree. 
I still have to find a reliable smoke test. This is something I've been 
trying, without success so far :( .

(use-modules (ice-9 popen)
             ;(ice-9 rdelim)
             )


(define pid (primitive-fork))

(if (= 0 pid)
    (let ((port (pk 'port (open-output-pipe "bash"))))
      (sleep 1)
      (display "whoami\n" port)
      (display "cat /proc/self/uid_map\n" port)
      (display "cat /proc/self/gid_map\n" port)
      (if (not (eqv? 0 (status:exit-val (close-pipe port))))
          (error "Cannot run command")))
    (begin
      (system* "newuidmap" (number->string pid) "paul" "165536" "65536")))



Thank you for all your help in polishing this service,


giacomo
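
One way to turn the uid_map smoke test mentioned in the message above into a pass/fail check, as an added example that is not part of the original message or of the patch series: every extent in the map must be either the caller's own UID or lie inside a range delegated in the subuid file. The helper name `check_uid_map`, UID 1000 and the sample files are assumptions constructed for illustration, as is the expectation that a rootless session maps its own UID with count 1.

```sh
#!/bin/sh
# Added example; sample data below is constructed, not taken from the patches.

# check_uid_map USER OWN_UID SUBUID_FILE UID_MAP_FILE   (hypothetical helper)
# Succeeds only if every uid_map extent is either the caller's own UID with
# count 1, or lies entirely inside a range delegated to USER in SUBUID_FILE,
# and at least one delegated extent is present.
check_uid_map() {
    awk -v user="$1" -v own="$2" '
        # First file: subuid lines, "name:start:count".
        FILENAME == ARGV[1] {
            if (split($0, f, ":") == 3 && f[1] == user) {
                lo[++r] = f[2] + 0
                hi[r] = f[2] + f[3]          # one past the end of the range
            }
            next
        }
        # Second file: uid_map lines, "inside outside count".
        NF == 3 {
            first = $2 + 0
            last = $2 + $3                   # one past the end of the extent
            if (first == own + 0 && $3 + 0 == 1) next
            ok = 0
            for (i = 1; i <= r; i++)
                if (first >= lo[i] && last <= hi[i]) ok = 1
            if (!ok) {
                print ("extent not delegated: " $0) > "/dev/stderr"
                bad = 1
                next
            }
            delegated++
        }
        END { exit (bad || !delegated) }
    ' "$3" "$4"
}

# Constructed sample data for a user "paul" with UID 1000.
tmp=$(mktemp -d)
printf 'paul:165536:65536\n' > "$tmp/subuid"
printf '0 1000 1\n1 165536 65536\n' > "$tmp/good_map"   # subuid range applied
printf '0 1000 1\n' > "$tmp/bare_map"                    # no subordinate IDs

check_uid_map paul 1000 "$tmp/subuid" "$tmp/good_map" && echo "good_map: ok"
check_uid_map paul 1000 "$tmp/subuid" "$tmp/bare_map" || echo "bare_map: rejected"
```

On a real system the fourth argument would be a file holding the output of `podman unshare cat /proc/self/uid_map`, and the third would be /etc/subuid.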





This bug report was last modified 155 days ago.


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.