Open ezrizhu opened 8 months ago
Rewriting it in C is not the important part. The main thing we have to do is understand whether or not such a gidmapper is safe and---if not---what we can do instead.
My understanding is that the `unshare` command internally forks into two processes (for pid namespace). And when I was re-implementing that logic in Rust I can set uid/gid mappings from the parent process without needing an additional utility.
> My understanding is that the `unshare` command internally forks into two processes (for pid namespace). And when I was re-implementing that logic in Rust I can set uid/gid mappings from the parent process without needing an additional utility.
That's correct, the main reason why gidmapper exists is because we can't give a shell script the setgid cap.
Currently we have https://github.com/ezrizhu/gidmapper - we want to rewrite this in C for easier installation.