diff options
| -rwxr-xr-x | modules/pam_namespace/namespace.init | 2 | ||||
| -rw-r--r-- | modules/pam_namespace/pam_namespace.c | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/modules/pam_namespace/namespace.init b/modules/pam_namespace/namespace.init index 9ab58062..67d4aa2d 100755 --- a/modules/pam_namespace/namespace.init +++ b/modules/pam_namespace/namespace.init @@ -1,4 +1,4 @@ -#!/bin/sh -p +#!/bin/sh # It receives polydir path as $1, the instance path as $2, # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, # and user name in $4. diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index e0d5e30b..92883f56 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -1205,6 +1205,11 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, _exit(1); } #endif + /* Pass maximum privs when we exec() */ + if (setuid(geteuid()) < 0) { + /* ignore failures, they don't matter */ + } + if (execle(init_script, init_script, polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) _exit(1); |