lxc_unshare -u argument useful even with USER namespace shared

Signed-off-by: Seth Robertson <srobertson@appcomsci.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc_unshare -u argument useful even with USER namespace shared
13d8bde9 · Seth Robertson · Serge Hallyn · 00fe5e1d · 13d8bde9 · 13d8bde9
Commit 13d8bde9 authored Dec 04, 2013 by Seth Robertson Committed by Serge Hallyn Jan 15, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 6 deletions

lxc-unshare.sgml.in doc/lxc-unshare.sgml.in +2 -3

lxc_unshare.c src/lxc/lxc_unshare.c +2 -3

No files found.
--- a/doc/lxc-unshare.sgml.in
+++ b/doc/lxc-unshare.sgml.in
@@ -51,7 +51,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
    <cmdsynopsis>
      <command>lxc-unshare</command>
      <arg choice="req">-s <replaceable>namespaces</replaceable></arg>
-      <arg choice="req">-u <replaceable>user</replaceable></arg>
+      <arg choice="opt">-u <replaceable>user</replaceable></arg>
      <arg choice="req">command</arg>
    </cmdsynopsis>
  </refsynopsisdiv>
@@ -100,8 +100,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 	</term>
 	<listitem>
 	  <para>
-	    Specify a user which the new task should become.  This option is
+	    Specify a userid which the new task should become.
-	    only valid if a user namespace is unshared.
 	  </para>
 	</listitem>
      </varlistentry>

--- a/src/lxc/lxc_unshare.c
+++ b/src/lxc/lxc_unshare.c
@@ -97,7 +97,8 @@ static int do_start(void *arg)
 	int flags = *start_arg->flags;
 	uid_t uid = *start_arg->uid;
-	if (flags & CLONE_NEWUSER && setuid(uid)) {
+	// Setuid is useful even without a new user id space
+	if ( uid >= 0 && setuid(uid)) {
 		ERROR("failed to set uid %d: %s", uid, strerror(errno));
 		exit(1);
 	}
@@ -153,8 +154,6 @@ int main(int argc, char *argv[])
 	if (ret)
 		usage(argv[0]);
-	if (!(flags & CLONE_NEWUSER) && uid != -1) {
-		ERROR("-u <uid> needs -s USER option");
 		return 1;
 	}