Our current handling of capabilities isn't quite right. In particular,
drop_caps() attempts to remove capabilities from the bounding set, which
usually won't work, and even if it does won't have the effect we want.
This series corrects that, as well as making some other fixes and cleanups
in adjacent code.

David Gibson (10):
  test: Move slower tests to end of test run
  pasta: More general way of starting spawned shell as a login shell
  pasta_start_ns() always ends in parent context
  Remove unhelpful drop_caps() call in pasta_start_ns()
  Clarify various self-isolation steps
  Replace FWRITE with a function
  isolation: Replace drop_caps() with a version that actually does something
  isolation: Prevent any child processes gaining capabilities
  isolation: Only configure UID/GID mappings in userns when spawning shell
  Rename pasta_setup_ns() to pasta_spawn_cmd()

 conf.c      |   3 +-
 isolation.c | 199 ++++++++++++++++++++++++++++++++++++++++++++++------
 isolation.h |   6 +-
 passt.c     |   8 +--
 pasta.c     |  72 +++++++++++--------
 pasta.h     |   3 +-
 test/run    |  20 +++---
 util.c      |  33 +++++++++
 util.h      |  13 +---
 9 files changed, 275 insertions(+), 82 deletions(-)

-- 
2.37.3
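As an added example, not code from the passt/pasta series above: a minimal Linux program showing why a bounding-set-only capability drop falls short and what a complete drop looks like. It calls capget(2)/capset(2) and prctl(2) directly; the function names drop_bounding_set(), drop_all_caps() and caps_are_empty() are this example's own, not the project's. PR_CAPBSET_DROP needs CAP_SETPCAP, so an unprivileged process gets EPERM (the "usually won't work" in the cover letter), and even with privilege it only limits what a later execve() can acquire from file capabilities; the capabilities the process already holds in its effective and permitted sets are untouched. The example therefore clears those sets with capset(2), which any process may do to itself, clears the ambient set, and sets PR_SET_NO_NEW_PRIVS so that child processes cannot regain privilege across execve().

```c
/* Added example (not passt/pasta code): drop every capability from the
 * calling process, and show that a bounding-set drop alone is not it.
 * Linux-only: uses capget(2)/capset(2) and prctl(2) directly. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Older <sys/prctl.h> may lack the ambient-set constants (Linux 4.3+). */
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_CLEAR_ALL 4
#endif

/* Read this thread's effective/permitted/inheritable sets (v3 layout
 * uses two 32-bit words per set). Returns 0 on success. */
static int read_caps(struct __user_cap_data_struct data[2])
{
	struct __user_cap_header_struct hdr = {
		.version = _LINUX_CAPABILITY_VERSION_3, .pid = 0,
	};

	memset(data, 0, 2 * sizeof(*data));
	return syscall(SYS_capget, &hdr, data);
}

/* Returns 1 if effective, permitted and inheritable are all empty. */
int caps_are_empty(void)
{
	struct __user_cap_data_struct data[2];
	int i;

	if (read_caps(data))
		return 0;
	for (i = 0; i < 2; i++)
		if (data[i].effective || data[i].permitted ||
		    data[i].inheritable)
			return 0;
	return 1;
}

/* The bounding-set-only approach. PR_CAPBSET_DROP needs CAP_SETPCAP, so
 * an unprivileged process gets EPERM for every capability (tolerated
 * here). Even when it succeeds it only caps what execve() can add from
 * file capabilities; the sets the process already holds are unchanged.
 * Returns the number of capabilities actually dropped, or -1 on an
 * unexpected error. */
int drop_bounding_set(void)
{
	int cap, dropped = 0;

	/* PR_CAPBSET_READ returns -1/EINVAL past the last valid cap. */
	for (cap = 0; prctl(PR_CAPBSET_READ, cap, 0, 0, 0) >= 0; cap++) {
		if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == 0)
			dropped++;
		else if (errno != EPERM)
			return -1;
	}
	return dropped;
}

/* A drop that actually does something: clear the ambient set, forbid
 * regaining privilege across execve(), shrink the bounding set where
 * allowed, then clear effective/permitted/inheritable with capset(2),
 * which any process may do to itself. Returns 0 on success. */
int drop_all_caps(void)
{
	struct __user_cap_header_struct hdr = {
		.version = _LINUX_CAPABILITY_VERSION_3, .pid = 0,
	};
	struct __user_cap_data_struct data[2] = { { 0 } };

	/* EINVAL here means the kernel predates ambient capabilities. */
	if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) &&
	    errno != EINVAL)
		return -1;
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
		return -1;
	if (drop_bounding_set() < 0)
		return -1;
	if (syscall(SYS_capset, &hdr, data))
		return -1;
	return 0;
}

int main(void)
{
	if (drop_all_caps()) {
		perror("drop_all_caps");
		return 1;
	}
	printf("capability sets empty: %s\n",
	       caps_are_empty() ? "yes" : "no");
	return 0;
}
```

Run it as an ordinary user and drop_bounding_set() drops nothing (every PR_CAPBSET_DROP fails with EPERM), yet the process still ends with empty capability sets, because the capset(2) call is the step that does the work; PR_SET_NO_NEW_PRIVS is what keeps a spawned shell from getting them back through a setuid or file-capability binary.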