summaryrefslogtreecommitdiff
path: root/linuxnamespaces
diff options
context:
space:
mode:
authorHelmut Grohne <helmut@subdivi.de>2024-05-10 18:21:21 +0200
committerHelmut Grohne <helmut@subdivi.de>2024-05-10 18:21:21 +0200
commit9fea618481256122c1bd2a62ec382623b7528865 (patch)
tree8b4ae2de2d8dd11ca93aef93e196524869e1b085 /linuxnamespaces
parentc45a83883625ea5226bace08e72f45782e31c29f (diff)
downloadpython-linuxnamespaces-9fea618481256122c1bd2a62ec382623b7528865.tar.gz
Revert "examples/chroottar.py: harden against tars with high uids"
This reverts commit a169f51420795a212c3226f455e783ab8ac5cf47. We really deal with two user namespaces. The initial/parent process maps the target id range plus the current user id. The child process that executes the workload only maps the target id range without the current user id. The child opens the tar file while it still is in the initial namespace, then unshares and once it only has the subid range mapped, it performs the extraction. No clamping is necessary at this point. The parent process maps additionally maps the current id in order to write the tar file.
Diffstat (limited to 'linuxnamespaces')
0 files changed, 0 insertions, 0 deletions