diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-03-08 08:22:55 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-08 08:22:55 -0800 |
commit | c4815e8a618cb7824f0a8e8c84771c69ed2a8943 (patch) | |
tree | d48f163005a338b4c4a876e507c02f0790557a5d | |
parent | 90319bcf5202bb54e6e6bf59e4b887fa462e4714 (diff) | |
parent | 081291c8d62b989373149973c1ce0fad0fe7fea1 (diff) | |
download | podman-c4815e8a618cb7824f0a8e8c84771c69ed2a8943.tar.gz podman-c4815e8a618cb7824f0a8e8c84771c69ed2a8943.tar.bz2 podman-c4815e8a618cb7824f0a8e8c84771c69ed2a8943.zip |
Merge pull request #2569 from giuseppe/rootless-fix-exec-with-user
rootless: exec join the user+mount namespace
-rw-r--r-- | cmd/podman/create.go | 11 | ||||
-rw-r--r-- | cmd/podman/exec.go | 29 |
2 files changed, 29 insertions, 11 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go index fa8b9f57b..8a5d0cf73 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -893,7 +893,16 @@ func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *l } return false, -1, errors.Errorf("dependency container %s is not running", ctr.ID()) } - return rootless.JoinNS(uint(pid), 0) + + data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile) + if err != nil { + return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile) + } + conmonPid, err := strconv.Atoi(string(data)) + if err != nil { + return false, -1, errors.Wrapf(err, "cannot parse PID %q", data) + } + return rootless.JoinDirectUserAndMountNS(uint(conmonPid)) } } return rootless.BecomeRootInUserNS() diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go index c3bcec2ec..e4cea1f5e 100644 --- a/cmd/podman/exec.go +++ b/cmd/podman/exec.go @@ -106,16 +106,25 @@ func execCmd(c *cliconfig.ExecValues) error { } - pid, err := ctr.PID() - if err != nil { - return err - } - became, ret, err := rootless.JoinNS(uint(pid), c.PreserveFDs) - if err != nil { - return err - } - if became { - os.Exit(ret) + if os.Geteuid() != 0 { + var became bool + var ret int + + data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile) + if err != nil { + return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile) + } + conmonPid, err := strconv.Atoi(string(data)) + if err != nil { + return errors.Wrapf(err, "cannot parse PID %q", data) + } + became, ret, err = rootless.JoinDirectUserAndMountNS(uint(conmonPid)) + if err != nil { + return err + } + if became { + os.Exit(ret) + } } // ENVIRONMENT VARIABLES |