aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDoug Rabson <dfr@rabson.org>2022-08-27 14:22:12 +0100
committerDoug Rabson <dfr@rabson.org>2022-09-05 10:17:49 +0100
commit71e2074e8352dee48c068e5804ae5a4d74163b03 (patch)
treebd1d386c581187dd99dc1cdd51f4e427bd4d472f
parent232eea5a00f542081e0bade13b21b8b44b0ad906 (diff)
downloadpodman-71e2074e8352dee48c068e5804ae5a4d74163b03.tar.gz
podman-71e2074e8352dee48c068e5804ae5a4d74163b03.tar.bz2
podman-71e2074e8352dee48c068e5804ae5a4d74163b03.zip
libpod: Move getUserOverrides, lookupHostUser to container_internal_common.go
[NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
-rw-r--r--libpod/container_internal_common.go51
-rw-r--r--libpod/container_internal_freebsd.go49
-rw-r--r--libpod/container_internal_linux.go49
3 files changed, 51 insertions, 98 deletions
diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
index 476ae1989..0d5071831 100644
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@@ -9,6 +9,7 @@ import (
"fmt"
"math"
"os"
+ "path/filepath"
"strconv"
"strings"
"time"
@@ -26,6 +27,7 @@ import (
"github.com/containers/podman/v4/pkg/util"
"github.com/containers/storage/pkg/idtools"
securejoin "github.com/cyphar/filepath-securejoin"
+ runcuser "github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label"
@@ -593,3 +595,52 @@ func (c *Container) resolveWorkDir() error {
return nil
}
+
+func (c *Container) getUserOverrides() *lookup.Overrides {
+ var hasPasswdFile, hasGroupFile bool
+ overrides := lookup.Overrides{}
+ for _, m := range c.config.Spec.Mounts {
+ if m.Destination == "/etc/passwd" {
+ overrides.ContainerEtcPasswdPath = m.Source
+ hasPasswdFile = true
+ }
+ if m.Destination == "/etc/group" {
+ overrides.ContainerEtcGroupPath = m.Source
+ hasGroupFile = true
+ }
+ if m.Destination == "/etc" {
+ if !hasPasswdFile {
+ overrides.ContainerEtcPasswdPath = filepath.Join(m.Source, "passwd")
+ }
+ if !hasGroupFile {
+ overrides.ContainerEtcGroupPath = filepath.Join(m.Source, "group")
+ }
+ }
+ }
+ if path, ok := c.state.BindMounts["/etc/passwd"]; ok {
+ overrides.ContainerEtcPasswdPath = path
+ }
+ return &overrides
+}
+
+func lookupHostUser(name string) (*runcuser.ExecUser, error) {
+ var execUser runcuser.ExecUser
+ // Look up User on host
+ u, err := util.LookupUser(name)
+ if err != nil {
+ return &execUser, err
+ }
+ uid, err := strconv.ParseUint(u.Uid, 8, 32)
+ if err != nil {
+ return &execUser, err
+ }
+
+ gid, err := strconv.ParseUint(u.Gid, 8, 32)
+ if err != nil {
+ return &execUser, err
+ }
+ execUser.Uid = int(uid)
+ execUser.Gid = int(gid)
+ execUser.Home = u.HomeDir
+ return &execUser, nil
+}
diff --git a/libpod/container_internal_freebsd.go b/libpod/container_internal_freebsd.go
index f460ca49a..98ae209e8 100644
--- a/libpod/container_internal_freebsd.go
+++ b/libpod/container_internal_freebsd.go
@@ -187,55 +187,6 @@ func (c *Container) reloadNetwork() error {
return c.save()
}
-func (c *Container) getUserOverrides() *lookup.Overrides {
- var hasPasswdFile, hasGroupFile bool
- overrides := lookup.Overrides{}
- for _, m := range c.config.Spec.Mounts {
- if m.Destination == "/etc/passwd" {
- overrides.ContainerEtcPasswdPath = m.Source
- hasPasswdFile = true
- }
- if m.Destination == "/etc/group" {
- overrides.ContainerEtcGroupPath = m.Source
- hasGroupFile = true
- }
- if m.Destination == "/etc" {
- if !hasPasswdFile {
- overrides.ContainerEtcPasswdPath = filepath.Join(m.Source, "passwd")
- }
- if !hasGroupFile {
- overrides.ContainerEtcGroupPath = filepath.Join(m.Source, "group")
- }
- }
- }
- if path, ok := c.state.BindMounts["/etc/passwd"]; ok {
- overrides.ContainerEtcPasswdPath = path
- }
- return &overrides
-}
-
-func lookupHostUser(name string) (*runcuser.ExecUser, error) {
- var execUser runcuser.ExecUser
- // Look up User on host
- u, err := util.LookupUser(name)
- if err != nil {
- return &execUser, err
- }
- uid, err := strconv.ParseUint(u.Uid, 8, 32)
- if err != nil {
- return &execUser, err
- }
-
- gid, err := strconv.ParseUint(u.Gid, 8, 32)
- if err != nil {
- return &execUser, err
- }
- execUser.Uid = int(uid)
- execUser.Gid = int(gid)
- execUser.Home = u.HomeDir
- return &execUser, nil
-}
-
// mountNotifySocket mounts the NOTIFY_SOCKET into the container if it's set
// and if the sdnotify mode is set to container. It also sets c.notifySocket
// to avoid redundantly looking up the env variable.
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 16a576947..9bdbd59a9 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -220,55 +220,6 @@ func (c *Container) reloadNetwork() error {
return c.save()
}
-func (c *Container) getUserOverrides() *lookup.Overrides {
- var hasPasswdFile, hasGroupFile bool
- overrides := lookup.Overrides{}
- for _, m := range c.config.Spec.Mounts {
- if m.Destination == "/etc/passwd" {
- overrides.ContainerEtcPasswdPath = m.Source
- hasPasswdFile = true
- }
- if m.Destination == "/etc/group" {
- overrides.ContainerEtcGroupPath = m.Source
- hasGroupFile = true
- }
- if m.Destination == "/etc" {
- if !hasPasswdFile {
- overrides.ContainerEtcPasswdPath = filepath.Join(m.Source, "passwd")
- }
- if !hasGroupFile {
- overrides.ContainerEtcGroupPath = filepath.Join(m.Source, "group")
- }
- }
- }
- if path, ok := c.state.BindMounts["/etc/passwd"]; ok {
- overrides.ContainerEtcPasswdPath = path
- }
- return &overrides
-}
-
-func lookupHostUser(name string) (*runcuser.ExecUser, error) {
- var execUser runcuser.ExecUser
- // Look up User on host
- u, err := util.LookupUser(name)
- if err != nil {
- return &execUser, err
- }
- uid, err := strconv.ParseUint(u.Uid, 8, 32)
- if err != nil {
- return &execUser, err
- }
-
- gid, err := strconv.ParseUint(u.Gid, 8, 32)
- if err != nil {
- return &execUser, err
- }
- execUser.Uid = int(uid)
- execUser.Gid = int(gid)
- execUser.Home = u.HomeDir
- return &execUser, nil
-}
-
// mountNotifySocket mounts the NOTIFY_SOCKET into the container if it's set
// and if the sdnotify mode is set to container. It also sets c.notifySocket
// to avoid redundantly looking up the env variable.