mirror of https://github.com/systemd/systemd.git synced 2025-02-04 21:47:31 +03:00

homed: when using id mapping on the home dirs, also do an identity mapping for the container UID ranges

Apparently people really want to put high UIDs in their homedirs. Let's
add some minimal support for that.

Further discussion: https://github.com/systemd/systemd/pull/22239#issuecomment-1040421552

Inspired by, based on, and replacing #22239 by Christian Brauner.
Lennart Poettering 2022-02-15 18:22:37 +01:00
parent a57d72ceb4
commit 1af53c0fa8

@ -209,6 +209,13 @@ static int make_userns(uid_t stored_uid, uid_t exposed_uid) {
if (r < 0)
return log_oom();
/* Also map the container range. People can use that to place containers owned by high UIDs in their
* home directories if they really want. We won't manage this UID range for them but pass it through
* 1:1, and it will lose its meaning once migrated between hosts. */
r = append_identity_range(&text, CONTAINER_UID_BASE_MIN, CONTAINER_UID_BASE_MAX+1, stored_uid);
if (r < 0)
return log_oom();
/* Leave everything else unmapped, starting from UID_NOBODY itself. Specifically, this means the
* whole space outside of 16bit remains unmapped */
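Review bot: The trailing context comment after the new append_identity_range() call still says "the whole space outside of 16bit remains unmapped", which reads oddly directly below a block that now passes the container range through for "high UIDs". If that range lies above 16 bit, the comment should be reworded to name the exception (for example "everything else outside of 16bit, apart from the container range mapped above, remains unmapped"), so that someone auditing the resulting UID map does not conclude that high UIDs are unreachable from the home directory. In the added error path, every negative return from append_identity_range() is reported through log_oom(); if the helper can fail for any reason other than allocation, that log line will be misleading. Because the range is passed through 1:1 and, as the new comment says, loses its meaning once migrated between hosts, the user-facing documentation should also state that files with these owners keep their numeric UIDs on the destination host and are not managed by homed.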