Comment 7 for bug 1729357

Stéphane Graber (stgraber) wrote:

Thinking about this problem a bit, it certainly sounds like for the normal case we'd want newgidmap to flip setgroups to false prior to writing the map, effectively preventing this issue.

The obvious problem is that we have very legitimate use cases where we absolutely do want newgidmap to write a map to /proc/PID/gid_map and keep setgroups allowed. That's what we need for fully unprivileged LXC containers.

My current thought here is that we'd effectively need a way to record in what case this is okay, so that an administrator can apply this on a per-user basis. My initial plan there was to add an extra column to /etc/subgid to control that, but it actually seems to be unrelated to the map used and more of a per-user attribute that should be tracked separately.
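The sequence discussed in this comment, as an added example that is not part of the bug report and not code from shadow or newgidmap: a small C program enters a fresh user namespace, writes "deny" to /proc/self/setgroups before writing a one-entry gid_map, and then confirms that setgroups() is refused. A second mode skips the deny step to show that the kernel itself refuses the gid_map write from an unprivileged process; a setuid-root newgidmap has CAP_SETGID over the parent namespace and is not subject to that refusal, which is why it has to flip setgroups itself. Assumptions: Linux 3.19 or later with unprivileged user namespaces enabled; where unshare() is unavailable the program reports "skip" instead of a result. The enum names and the check_gid_map() function are this example's own, not from any project.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcomes reported by check_gid_map() (names chosen for this example). */
enum {
    MAP_OK = 0,                /* map written, setgroups() refused with EPERM */
    MAP_SKIP = 1,              /* no usable user namespace here; nothing tested */
    MAP_KERNEL_REFUSED = 2,    /* kernel refused gid_map because setgroups was not denied */
    MAP_SETGROUPS_ALLOWED = 3, /* map written and setgroups() still works: the bad state */
    MAP_FAIL = 4               /* unexpected error */
};

/* Write buf to path in a single write(2); returns 0, or -1 with errno set. */
static int write_file(const char *path, const char *buf)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, buf, strlen(buf));
    int saved = errno;
    close(fd);
    errno = saved;
    return n == (ssize_t)strlen(buf) ? 0 : -1;
}

/* Runs in the forked child so the caller's own namespace is untouched. */
static int child_check(gid_t outer_gid, int deny_first)
{
    if (unshare(CLONE_NEWUSER) != 0)
        return MAP_SKIP;   /* unprivileged user namespaces disabled or sandboxed */

    /* Deny setgroups before any gid_map exists; afterwards the flag is frozen. */
    if (deny_first && write_file("/proc/self/setgroups", "deny") != 0)
        return errno == ENOENT ? MAP_SKIP : MAP_FAIL;   /* ENOENT: kernel older than 3.19 */

    char map[64];
    snprintf(map, sizeof map, "0 %u 1\n", (unsigned)outer_gid);
    if (write_file("/proc/self/gid_map", map) != 0) {
        if (!deny_first && errno == EPERM)
            return MAP_KERNEL_REFUSED;   /* unprivileged map requires setgroups denied */
        return MAP_FAIL;
    }

    /* The map is in place. If setgroups() still works, the process could drop
       supplementary groups, which is exactly what "deny" is meant to prevent. */
    if (setgroups(0, NULL) == 0)
        return MAP_SETGROUPS_ALLOWED;
    return errno == EPERM ? MAP_OK : MAP_FAIL;
}

/* Returns one of the enum values above. deny_first=1 is the hardened sequence. */
int check_gid_map(int deny_first)
{
    gid_t outer_gid = getgid();   /* capture before unshare(): unmapped afterwards */
    pid_t pid = fork();
    if (pid < 0)
        return MAP_FAIL;
    if (pid == 0)
        _exit(child_check(outer_gid, deny_first));
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return MAP_SKIP;   /* e.g. seccomp killed the child on unshare() */
    return WEXITSTATUS(status);
}

int main(void)
{
    static const char *names[] = {
        "ok", "skip", "kernel-refused", "setgroups-still-allowed", "fail"
    };
    printf("deny, then map: %s\n", names[check_gid_map(1)]);
    printf("map, no deny:   %s\n", names[check_gid_map(0)]);
    return 0;
}
```

On a kernel with unprivileged user namespaces enabled the first line prints "ok" and the second "kernel-refused". The "setgroups-still-allowed" outcome is never reachable from an unprivileged process because the kernel ties the two writes together; it is only reachable when a privileged writer such as newgidmap fills gid_map on the process's behalf without first writing "deny", which is the per-user policy question the comment raises.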