/* SPDX-License-Identifier: GPL-2.0 */

#ifndef __IDMAP_UTILS_H
#define __IDMAP_UTILS_H

/*
 * glibc only declares setns() and the CLONE_* flags in <sched.h> when
 * _GNU_SOURCE is defined, so it has to be set before the first include.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <linux/types.h>
#include <sched.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syscall.h>
#include <sys/capability.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Defined outside this header. Presumably returns a file descriptor for a
 * user namespace that maps @range ids starting at @nsid onto @hostid; confirm
 * the mapping and the error convention against the implementation.
 */
extern int get_userns_fd(unsigned long nsid, unsigned long hostid,
			 unsigned long range);

/*
 * Defined outside this header. switch_userns() below treats a non-zero return
 * from caps_down() as success and zero as failure.
 */
extern int caps_down(void);

/*
 * Defined outside this header. By its name it lowers the single capability
 * @down; confirm the return convention against the implementation.
 */
extern int cap_down(cap_value_t down);

/* Defined outside this header. switch_userns() treats false as failure. */
extern bool switch_ids(uid_t uid, gid_t gid);

/**
 * switch_userns - join a user namespace, then switch ids and optionally
 *                 lower capabilities
 * @fd:        file descriptor handed to setns() with CLONE_NEWUSER
 * @uid:       uid passed on to switch_ids()
 * @gid:       gid passed on to switch_ids()
 * @drop_caps: when true, caps_down() is called as the last step; when false,
 *             this function leaves the capability sets alone
 *
 * The steps run in a fixed order: setns(), switch_ids(), then caps_down().
 * A later step is only attempted once the earlier ones have succeeded.
 *
 * Nothing is rolled back on failure. A false return can therefore mean the
 * caller is already inside the target namespace, or has had its ids changed
 * by switch_ids(), without the remaining steps having been applied. Callers
 * should treat false as fatal for the current process instead of carrying on
 * with partially switched credentials.
 *
 * @fd is not closed here; it stays owned by the caller.
 *
 * Return: true if every requested step succeeded, false otherwise.
 */
static inline bool switch_userns(int fd, uid_t uid, gid_t gid, bool drop_caps)
{
	bool joined = setns(fd, CLONE_NEWUSER) == 0;

	/* switch_ids() is only reached once the namespace has been joined. */
	if (!joined || !switch_ids(uid, gid))
		return false;

	/* Without drop_caps there is nothing left to do. */
	return !drop_caps || caps_down();
}

#endif /* __IDMAP_UTILS_H */