diff options
Diffstat (limited to 'linuxnamespaces')
| -rw-r--r-- | linuxnamespaces/__init__.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/linuxnamespaces/__init__.py b/linuxnamespaces/__init__.py index 29d41f6..5d810b0 100644 --- a/linuxnamespaces/__init__.py +++ b/linuxnamespaces/__init__.py @@ -331,3 +331,16 @@ def unshare_user_idmap( newidmaps(pid, uidmap, gidmap) unshare(flags) setup_idmaps() + +def unshare_user_idmap_nohelper( + uid: int, gid: int, flags: CloneFlags = CloneFlags.NEWUSER +) -> None: + """Unshare the given namespaces (must include user) and + map the current user and group to the given uid and gid + without using the setuid helpers. + """ + uidmap = IDMapping(uid, os.getuid(), 1) + gidmap = IDMapping(gid, os.getgid(), 1) + unshare(flags) + pathlib.Path("/proc/self/setgroups").write_bytes(b"deny") + newidmaps(-1, [uidmap], [gidmap], False) |