- if (not options.root):
- exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--','--login']+options.command_to_run
+ if (not args.root):
+ if (args.nosliceuid):
+ # we still want to drop capabilities, but don't want to switch UIDs
+ exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--','--login',]+args.command_to_run
+ else:
+ uid = getuid (slice_name)
+ if not uid:
+ print "lxcsu could not spot %s in /etc/passwd - exiting"%slice_name
+ exit(1)
+ exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--uid=%s'%uid,'--','--login',]+args.command_to_run
+# once we can drop f12, it would be nicer to instead go for
+# exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--user=%s'%slice_name,'--','--login',]+args.command_to_run