try icon indicating copy to clipboard operation
try copied to clipboard
verified publisher icon binpash

Understand gid mapping; build utility for it

Open ezrizhu opened this issue 1 year ago • 3 comments

Current we have https://github.com/ezrizhu/gidmapper - we want to rewrite this in C for easier installation.

ezrizhu avatar Jan 13 '24 10:01 ezrizhu

Rewriting it in C is not the important part. The main thing we have to do is understand whether or not such a gidmapper is safe and---if not---what we can do instead.

mgree avatar Jun 07 '24 16:06 mgree

My understanding is that unshare command internally forks into two processes (for pid namespace). And when I was re-implementing that logic in Rust I can set uid/gid mappings from the parent process without needing additional utility.

SleepyMug avatar Jun 07 '24 16:06 SleepyMug

My understanding is that unshare command internally forks into two processes (for pid namespace). And when I was re-implementing that logic in Rust I can set uid/gid mappings from the parent process without needing additional utility.

that's correct, the main reason why gidmapper exists because we can't give a shell script the setgid cap.

ezrizhu avatar Jun 07 '24 16:06 ezrizhu