exile.c

@@ -625,8 +625,6 @@ struct exile_policy *exile_init_policy()
 	result->not_dumpable = 1;
 	result->no_new_privs = 1;
 	result->namespace_options = EXILE_UNSHARE_MOUNT | EXILE_UNSHARE_USER;
-	result->namespace_uid = 0;
-	result->namespace_gid = 0;
 	return result;
 }
 
@@ -940,7 +938,7 @@ void exile_free_policy(struct exile_policy *ctxt)
 }
 
 /* Enters the specified namespaces */
-static int enter_namespaces(int namespace_options, uid_t namespace_uid, gid_t namespace_gid)
+static int enter_namespaces(int namespace_options)
 {
 	if(namespace_options & EXILE_UNSHARE_USER)
 	{
@@ -977,7 +975,7 @@ static int enter_namespaces(int namespace_options, uid_t namespace_uid, gid_t na
 			EXILE_LOG_ERROR("Failed to open /proc/self/uid_map for writing");
 			return -1;
 		}
-		writesize = snprintf(buf, sizeof(buf), "%u %u 1\n", namespace_uid, current_uid);
+		writesize = snprintf(buf, sizeof(buf), "0 %u 1\n", current_uid);
 		writeret = write(fd, buf, writesize);
 		if(writeret < 0 || writeret < writesize)
 		{
@@ -993,7 +991,7 @@ static int enter_namespaces(int namespace_options, uid_t namespace_uid, gid_t na
 			EXILE_LOG_ERROR("Failed to open /proc/self/gid_map for writing");
 			return -1;
 		}
-		writesize = snprintf(buf, sizeof(buf), "%u %u 1\n", namespace_gid, current_gid);
+		writesize = snprintf(buf, sizeof(buf), "0 %u 1\n", current_gid);
 		writeret = write(fd, buf, writesize);
 		if(writeret < 0 || writeret < writesize)
 		{
@@ -1543,7 +1541,7 @@ int exile_enable_policy(struct exile_policy *policy)
 		close_file_fds();
 	}
 
-	if(enter_namespaces(policy->namespace_options, policy->namespace_uid, policy->namespace_gid) < 0)
+	if(enter_namespaces(policy->namespace_options) < 0)
 	{
 		EXILE_LOG_ERROR("Error while trying to enter namespaces\n");
 		return -1;

exile.h

@@ -375,9 +375,6 @@ struct exile_policy
 
 	uint64_t vow_promises;
 
-	uid_t namespace_uid;
-	gid_t namespace_gid;
-
 	/* Do not manually add policies here, use exile_append_path_policies() */
 	struct exile_path_policy *path_policies;
 	struct exile_path_policy **path_policies_tail;

test.c

@@ -618,9 +618,9 @@ int test_launch_get()
 	size_t n = 0;
 	char *content = exile_launch_get(&params, &n);
 	unsigned int len = strlen(LAUNCH_GET_TEST_STR);
-	if(n != len)
+	if(n != strlen(LAUNCH_GET_TEST_STR))
 	{
-		LOG("Lenght does not match: %lu vs %u\n", n, len);
+		LOG("Lenght does does not match: %lu vs %u\n", n, len);
 		return 1;
 	}
 	if(strcmp(content, LAUNCH_GET_TEST_STR) != 0)
@@ -755,50 +755,8 @@ int test_unshare_user()
 	}
 
 	return 0;
-}
 
-int test_unshare_user_own_uid()
-{
-	uid_t uid = getuid();
-	gid_t gid = getgid();
 
-	char uidstr[64];
-	snprintf(uidstr, sizeof(uidstr), "%u", uid);
-
-	char gidstr[64];
-	snprintf(gidstr, sizeof(gidstr), "%u", gid);
-
-	struct exile_policy *policy = exile_init_policy();
-	policy->namespace_options = EXILE_UNSHARE_USER;
-	policy->namespace_gid = gid;
-	policy->namespace_uid = uid;
-	xexile_enable_policy(policy);
-
-	if(do_test_nsuidmap("/proc/self/uid_map", uidstr, uidstr, "1") != 0)
-	{
-		LOG("/proc/self/uid_map failed\n");
-		return 1;
-	}
-
-	if(do_test_nsuidmap("/proc/self/gid_map", gidstr, gidstr, "1") != 0)
-	{
-		LOG("/proc/self/gid_map failed\n");
-		return 1;
-	}
-
-	FILE *fp = fopen("/proc/self/setgroups", "r");
-
-	char buffer[4096] = { 0 };
-	fread(buffer, sizeof(buffer), 1, fp);
-	fclose(fp);
-
-	if(strcmp(buffer, "deny\n") != 0)
-	{
-		LOG("/proc/self/setgroups does not contain 'deny'\n");
-		return 1;
-	}
-
-	return 0;
 }
 
 struct dispatcher
@@ -830,8 +788,6 @@ struct dispatcher dispatchers[] = {
 	{ "vow_from_str", &test_vows_from_str},
 	{ "clone3_nosys", &test_clone3_nosys},
 	{ "unshare-user", &test_unshare_user},
-	{ "unshare-user-own-uid", &test_unshare_user_own_uid},
-
 
 };