Enable setgroups #157
@akihikodaki Do you see the CodeQL alert?
@YanVugenfirer Yes, it will be fixed with #156.
Failed to test on Ubuntu 20.04 LTS and Fedora 34.
Ubuntu 20.04
Fedora 34:
33c01e8 to 7c868ad
@kostyanf14 Can you test commit 7c868ad? It got uglier but (hopefully) should work.
Ubuntu 20.04
Need to install This patch works.
Fedora 34
This patch does not work.
7c868ad to ae5b30a
@kostyanf14 Looks like we need to require uidmap. newgidmap is a setuid helper and not something we can implement by ourselves.
Commit ae5b30a adds a friendly error message in case the current user is not listed in
Let's add some questions about this to the installer. For now, the temporary HCK-CI server installs automatically without additional users so this mechanism will be broken.
I think that won't be a problem for most new installations because the instruction no longer says it needs to be executed as root and a normal user is listed in
virtiofsd breakage with the namespace change
Problem Description
virtiofsd required two privileges not provided in the namespace created by
ae5b30a to df5985a
@kostyanf14 Pushed change to skip user namespace creation for root.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
df5985a to 37a53d6
Rebased PR to current master
Not tested.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>