machine: ignore containers which disable private user namespace in MapToMachine{User,Group}

Fixes #9286.
2018-06-13 23:59:35 +09:00 · 2018-06-13 23:59:35 +09:00 · 24f5a4c7c6
parent 6f8a8b84f2
commit 24f5a4c7c6
1 changed files with 8 additions and 0 deletions
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@ -1010,6 +1010,10 @@ static int method_map_to_machine_user(sd_bus_message *message, void *userdata, s
                                return -EIO;
                        }

+                        /* The private user namespace is disabled, ignoring. */
+                        if (uid_shift == 0)
+                                continue;
+
                        if (uid < uid_shift || uid >= uid_shift + uid_range)
                                continue;

@ -1128,6 +1132,10 @@ static int method_map_to_machine_group(sd_bus_message *message, void *groupdata,
                                return -EIO;
                        }

+                        /* The private user namespace is disabled, ignoring. */
+                        if (gid_shift == 0)
+                                continue;
+
                        if (gid < gid_shift || gid >= gid_shift + gid_range)
                                continue;