this repo has no description
Turn off user namespaces for now
+10
-2
+10
-2
src/dyld/darling.c
+10
-2
src/dyld/darling.c
···
225
225
}
226
226
close(fdNS);
227
227
228
+
/*
228
229
snprintf(pathNS, sizeof(pathNS), SYSTEM_ROOT "/proc/%d/ns/user", pidInit);
229
230
fdNS = open(pathNS, O_RDONLY);
230
231
if (fdNS < 0)
···
232
233
fprintf(stderr, "Cannot open user namespace file: %s\n", strerror(errno));
233
234
exit(1);
234
235
}
236
+
*/
235
237
236
238
setresuid(g_originalUid, g_originalUid, g_originalUid);
237
239
setresgid(g_originalGid, g_originalGid, g_originalGid);
238
240
241
+
/*
239
242
if (setns(fdNS, CLONE_NEWUSER) != 0)
240
243
{
241
244
fprintf(stderr, "Cannot join user namespace: %s\n", strerror(errno));
242
245
exit(1);
243
246
}
244
247
close(fdNS);
248
+
*/
245
249
246
250
setupChild(curPath);
247
251
···
322
326
{
323
327
pid_t pid;
324
328
int pipefd[2];
325
-
char idmap[100];
329
+
// char idmap[100];
326
330
char buffer[1];
327
331
FILE *file;
328
332
···
403
407
404
408
prctl(PR_SET_NAME, DARLING_INIT_COMM, 0, 0);
405
409
410
+
/*
406
411
if (unshare(CLONE_NEWUSER) != 0)
407
412
{
408
413
fprintf(stderr, "Cannot unshare user namespace: %s\n", strerror(errno));
409
414
exit(1);
410
415
}
416
+
*/
411
417
412
-
// Tell the parent we're ready for it to set up UID/GID mappings
418
+
// Tell the parent we're ready
413
419
write(pipefd[1], buffer, 1);
414
420
close(pipefd[1]);
415
421
// And wait for it to do it
···
424
430
read(pipefd[0], buffer, 1);
425
431
close(pipefd[0]);
426
432
433
+
/*
427
434
snprintf(idmap, sizeof(idmap), "/proc/%d/uid_map", pid);
428
435
429
436
file = fopen(idmap, "w");
···
449
456
{
450
457
fprintf(stderr, "Cannot set gid_map for the init process: %s\n", strerror(errno));
451
458
}
459
+
*/
452
460
453
461
// Resume the child
454
462
write(pipefd[1], buffer, 1);