nsresource: optionally mangle userns names passed to nsresourced (#35900)

We enforce quite strict rules on naming userns we assign uid ranges to
for users. So strict that they are hard to get right for clients. hence,
let's optionally mangle provided strings so that they work for us.

This should make it much easier to work with the API, as something
reasonable happens regarldess what kind of garbage a client sets as
name.

mangling the name is opt-in for clients, so that there's tight control
for the client on the name, but also "fire and forget".

1 files changed, 4 insertions, 1 deletions

diff --git a/test/units/TEST-13-NSPAWN.nspawn.sh b/test/units/TEST-13-NSPAWN.nspawn.sh
index 1b0ff77889..cd37f4c65e 100755
--- a/test/units/TEST-13-NSPAWN.nspawn.sh
+++ b/test/units/TEST-13-NSPAWN.nspawn.sh
@@ -1131,7 +1131,10 @@ testcase_unpriv() {
 
     local tmpdir name
     tmpdir="$(mktemp -d /var/tmp/TEST-13-NSPAWN.unpriv.XXX)"
-    name="unprv-${tmpdir##*.}"
+    # Note: we pick the machine name short enough to be a valid machine name,
+    # but definitely longer than 16 chars, so that userns name mangling in the
+    # nsresourced userns allocation logic is triggered and tested. */
+    name="unprv-${tmpdir##*.}-somelongsuffix"
     trap 'rm -fr ${tmpdir@Q} || true; rm -f /run/verity.d/test-13-nspawn-${name@Q} || true' RETURN ERR
     create_dummy_ddi "$tmpdir" "$name"
     chown --recursive testuser: "$tmpdir"