From: Robert Swiecki
Date: Thu, 13 Jul 2017 00:33:11 +0000 (+0200)
Subject: cmdline: better warning about uid/gid 0
X-Git-Tag: 1.6~5
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5683ea7e09aede7251d59295c892faad79af4b51;p=platform%2Fupstream%2Fnsjail.git
cmdline: better warning about uid/gid 0
---
diff --git a/cmdline.c b/cmdline.c
index a11443b..a3ac216 100644
--- a/cmdline.c
+++ b/cmdline.c
@@ -239,7 +239,8 @@ void cmdlineLogParams(struct nsjconf_t *nsjconf)
 (unsigned long)p->inside_id, (unsigned long)p->outside_id, p->count, p->is_newidmap ? "true" : "false");
 if (p->outside_id == 0) {
- LOG_W("Process will be UID/EUID=0 in the global user namespace");
+ LOG_W
+ ("Process will be UID/EUID=0 in the global user namespace, and will have user root-level access to files");
 }
 }
 TAILQ_FOREACH(p, &nsjconf->gids, pointers) {
@@ -247,7 +248,8 @@ void cmdlineLogParams(struct nsjconf_t *nsjconf)
 (unsigned long)p->inside_id, (unsigned long)p->outside_id, p->count, p->is_newidmap ? "true" : "false");
 if (p->outside_id == 0) {
- LOG_W("Process will be GID/EGID=0 in the global user namespace");
+ LOG_W
+ ("Process will be GID/EGID=0 in the global user namespace, and will have group root-level access to files");
 }
 }
 }
diff --git a/configs/bash-with-fake-geteuid.cfg b/configs/bash-with-fake-geteuid.cfg
index 74af795..1da28e9 100644
--- a/configs/bash-with-fake-geteuid.cfg
+++ b/configs/bash-with-fake-geteuid.cfg
@@ -171,7 +171,6 @@ mount {
 seccomp_string: " POLICY example {
- ERRNO(1337) { geteuid },
 KILL { syslog },
 ERRNO(0) { ptrace }
 }
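Review bot: The added warning in the uid hunk is broken as a bare `LOG_W` followed by the parenthesised literal on its own line, and "user root-level access to files" is hard to parse; the gid hunk further down has the same shape with "group root-level". Keeping the call on one line and splitting the literal reads better, for example `LOG_W("Process will be UID/EUID=0 in the global user namespace, "` continued by `"and will have the root user's access to files");`, with "the root group's" in the gid loop. cmdlineLogParams begins and ends outside both hunks, so whether anything besides this log line reacts to `outside_id == 0` cannot be seen here. The commit also deletes `ERRNO(1337) { geteuid }` from configs/bash-with-fake-geteuid.cfg, which the subject does not mention and which appears to remove the rule the file is named after; that is worth a line in the commit message or a separate commit.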