binpash / try

Inspect a command's effects before modifying your live system
MIT License

Understand gid mapping; build utility for it #143

Open ezrizhu opened 8 months ago

ezrizhu commented 8 months ago

Currently we have https://github.com/ezrizhu/gidmapper - we want to rewrite this in C for easier installation.

mgree commented 4 months ago

Rewriting it in C is not the important part. The main thing we have to do is understand whether or not such a gidmapper is safe and---if not---what we can do instead.

SleepyMug commented 4 months ago

My understanding is that the unshare command internally forks into two processes (for the pid namespace). And when I was re-implementing that logic in Rust I could set uid/gid mappings from the parent process without needing an additional utility.

ezrizhu commented 4 months ago

> My understanding is that the unshare command internally forks into two processes (for the pid namespace). And when I was re-implementing that logic in Rust I could set uid/gid mappings from the parent process without needing an additional utility.

That's correct, the main reason why gidmapper exists is because we can't give a shell script the setgid cap.
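
The parent-side mapping discussed in the comments above, as an added C example that is not part of the thread and is not code from try or gidmapper: a forked child unshares a user namespace and the unprivileged parent writes its `uid_map` and `gid_map`. It assumes Linux with unprivileged user namespaces enabled; `map_line`, `write_proc` and `run_mapped` are hypothetical helper names. Without CAP_SETGID the parent can write only a single gid extent naming its own effective gid.

```c
#include <fcntl.h>
#include <linux/sched.h>   /* CLONE_NEWUSER */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Format one map extent: ID `inside` the namespace = ID `outside`, length 1. */
int map_line(char *buf, size_t len, unsigned inside, unsigned outside) {
    return snprintf(buf, len, "%u %u 1\n", inside, outside);
}

/* Write `data` to /proc/<pid>/<file> with a single write(); 0 on success. */
static int write_proc(pid_t pid, const char *file, const char *data) {
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/%s", (int)pid, file);
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Child unshares a user namespace; the parent, which stays outside it, writes
   the maps. Returns the child's exit status (0: it saw uid 0, gid 0) or -1. */
int run_mapped(void) {
    int ready[2], go[2], status = 0;
    char c = 0, um[32], gm[32];
    if (pipe(ready) || pipe(go)) return -1;
    map_line(um, sizeof um, 0, (unsigned)geteuid());
    map_line(gm, sizeof gm, 0, (unsigned)getegid());
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(ready[0]); close(go[1]);
        if (syscall(SYS_unshare, CLONE_NEWUSER) || write(ready[1], "x", 1) != 1) _exit(2);
        if (read(go[0], &c, 1) != 1) _exit(2);   /* parent could not map */
        _exit(getuid() == 0 && getgid() == 0 ? 0 : 1);
    }
    close(ready[1]); close(go[0]);
    /* An unprivileged gid_map write is accepted only after setgroups is denied. */
    int ok = read(ready[0], &c, 1) == 1 && !write_proc(pid, "uid_map", um) &&
             !write_proc(pid, "setgroups", "deny") && !write_proc(pid, "gid_map", gm);
    if (ok && write(go[1], "x", 1) != 1) ok = 0;
    close(go[1]); close(ready[0]);
    waitpid(pid, &status, 0);
    return ok && WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) { return run_mapped() == 0 ? 0 : 1; }
```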