bubblewrap
Added --uid and --gid support when running as root without --unshare-user or --userns
Fixes https://github.com/containers/bubblewrap/issues/551
Disclaimer: My C skills are quite rusty, so apologies in advance in case I made some glaring mistake or if I missed something obvious. In my tests at least this worked for this use-case and didn't introduce any new issues.
This is security-sensitive and will need careful review, to make sure it isn't introducing a security vulnerability in the case where bwrap is setuid root.
Why? This only deals with the case where real_uid is 0.