bst would fail to create a proper id map if the id map of the parent
user namespace was already sliced up in multiple ranges. This is because
the kernel insists that ranges in an id map should be preserved, and
would refuse writes to the id map file with EPERM if this was not
respected.

For instance, if the current user namespace had this uid map:

    0 0 1
    1 1000 1000
    1002 100000 64533

Then in order to map "0 0 65534", the following map would need to be
written:

    0 0 1
    1 1 1000
    1002 1002 64533

This commit makes sure that the id map being written preserves these
slices by projecting the allowed id map of the owner of the new user
namespace onto the effective id map of the parent user namespace.
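
The projection described above, sketched as an added example (not bst's own code). It assumes the constraint is that every row written must fall entirely inside one row of the parent namespace's map; project_id_map, struct id_range and the sample map are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One uid_map/gid_map row: "<inner> <outer> <count>". */
struct id_range { uint32_t inner, outer, count; };

/*
 * Split `want` (ids of the new namespace -> ids of the parent namespace)
 * along the rows of the parent's own map, so that no output row straddles
 * two parent rows. Ids the parent has no mapping for are dropped.
 * Returns the number of rows written to `out`, or -1 if `out` is too small.
 */
int project_id_map(const struct id_range *parent, size_t nparent,
                   struct id_range want, struct id_range *out, size_t nout)
{
    uint64_t want_lo = want.outer;
    uint64_t want_hi = (uint64_t)want.outer + want.count;
    size_t n = 0;

    for (size_t i = 0; i < nparent; i++) {
        /* Ids that are valid inside the parent namespace for this row. */
        uint64_t lo = parent[i].inner;
        uint64_t hi = lo + parent[i].count;
        if (lo < want_lo) lo = want_lo;
        if (hi > want_hi) hi = want_hi;
        if (lo >= hi) continue;            /* no overlap with this row */
        if (n == nout) return -1;
        out[n].inner = want.inner + (uint32_t)(lo - want_lo);
        out[n].outer = (uint32_t)lo;
        out[n].count = (uint32_t)(hi - lo);
        n++;
    }
    return (int)n;
}

/* Constructed sample: a parent map already sliced into three ranges. */
static const struct id_range sample_parent[] = {
    { 0, 0, 1 }, { 1, 100000, 1000 }, { 2000, 200000, 500 },
};

int main(void)
{
    struct id_range out[8], want = { 0, 0, 3000 };
    int n = project_id_map(sample_parent, 3, want, out, 8);
    for (int i = 0; i < n; i++)
        printf("%u %u %u\n", out[i].inner, out[i].outer, out[i].count);
    return 0;
}
```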