authorGiuseppe Scrivano <gscrivan@redhat.com>2018-06-01 13:25:19 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-06-15 14:53:18 +0000
commit4086a0f7371dbe5ea104dafe83aadb77b969c0ba (patch)
tree8a83cc87f34b065a855aefc5748ee45960980b11
parenta1ec6747f187ff2dbc1256cb5c11c5775324f2e2 (diff)
downloadpodman-4086a0f7371dbe5ea104dafe83aadb77b969c0ba.tar.gz
podman-4086a0f7371dbe5ea104dafe83aadb77b969c0ba.tar.bz2
podman-4086a0f7371dbe5ea104dafe83aadb77b969c0ba.zip
podman: use a different store for the rootless case
so that the user has rw access to it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
-rw-r--r--cmd/podman/create.go6
-rw-r--r--cmd/podman/libpodruntime/runtime.go40
-rw-r--r--cmd/podman/run.go6
-rw-r--r--libpod/container_internal.go4
-rw-r--r--libpod/runtime.go35
5 files changed, 84 insertions, 7 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index a0c1ec3f0..52d6e32f6 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -9,7 +9,6 @@ import (
"strings"
"syscall"
- "github.com/containers/storage"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/pkg/signal"
"github.com/docker/go-connections/nat"
@@ -81,7 +80,10 @@ func createCmd(c *cli.Context) error {
if err != nil {
return err
}
- storageOpts := storage.DefaultStoreOptions
+ storageOpts, err := libpodruntime.GetDefaultStoreOptions()
+ if err != nil {
+ return err
+ }
storageOpts.UIDMap = mappings.UIDMap
storageOpts.GIDMap = mappings.GIDMap
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 9ea40e00a..042ce87e5 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -1,6 +1,10 @@
package libpodruntime
import (
+ "fmt"
+ "os"
+ "path/filepath"
+
"github.com/containers/storage"
"github.com/projectatomic/libpod/libpod"
"github.com/urfave/cli"
@@ -8,10 +12,44 @@ import (
// GetRuntime generates a new libpod runtime configured by command line options
func GetRuntime(c *cli.Context) (*libpod.Runtime, error) {
- storageOpts := storage.DefaultStoreOptions
+ storageOpts, err := GetDefaultStoreOptions()
+ if err != nil {
+ return nil, err
+ }
return GetRuntimeWithStorageOpts(c, &storageOpts)
}
+func GetRootlessStorageOpts() (storage.StoreOptions, error) {
+ var opts storage.StoreOptions
+
+ opts.RunRoot = filepath.Join(libpod.GetRootlessRuntimeDir(), "run")
+
+ dataDir := os.Getenv("XDG_DATA_DIR")
+ if dataDir != "" {
+ opts.GraphRoot = filepath.Join(dataDir, "containers", "storage")
+ } else {
+ home := os.Getenv("HOME")
+ if home == "" {
+ return opts, fmt.Errorf("HOME not specified")
+ }
+ opts.GraphRoot = filepath.Join(home, ".containers", "storage")
+ }
+ opts.GraphDriverName = "vfs"
+ return opts, nil
+}
+
+func GetDefaultStoreOptions() (storage.StoreOptions, error) {
+ storageOpts := storage.DefaultStoreOptions
+ if os.Getuid() != 0 {
+ var err error
+ storageOpts, err = GetRootlessStorageOpts()
+ if err != nil {
+ return storageOpts, err
+ }
+ }
+ return storageOpts, nil
+}
+
// GetRuntime generates a new libpod runtime configured by command line options
func GetRuntimeWithStorageOpts(c *cli.Context, storageOpts *storage.StoreOptions) (*libpod.Runtime, error) {
options := []libpod.RuntimeOption{}
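Review bot: `GetRootlessStorageOpts` reads `XDG_DATA_DIR` at the `dataDir := os.Getenv("XDG_DATA_DIR")` line, but that name is not one the XDG Base Directory specification defines; the per-user data location is `XDG_DATA_HOME` (default `$HOME/.local/share`), so users who set their XDG data home will not be honoured and the branch will almost always fall through to `$HOME/.containers/storage`. If the non-standard name is intentional a comment should say so; otherwise the lookup should be `dataDir := os.Getenv("XDG_DATA_HOME")`. Both new exported functions also lack the doc comment Go convention expects, e.g. `// GetRootlessStorageOpts returns store options under the user's data directory, using the vfs driver, for use when not running as root.` and `// GetDefaultStoreOptions returns storage.DefaultStoreOptions, or the rootless options when os.Getuid() is not 0.`. The root-vs-rootless decision `os.Getuid() != 0` is now repeated here, in getDefaultTmpDir and in generateSpec in the other hunks of this commit; a single shared helper would keep the three in sync if the test ever needs to change (for example to consider the effective uid).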
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 2131df7ab..b7516a233 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -9,7 +9,6 @@ import (
"strconv"
"strings"
- "github.com/containers/storage"
"github.com/pkg/errors"
"github.com/projectatomic/libpod/cmd/podman/libpodruntime"
"github.com/projectatomic/libpod/libpod"
@@ -54,7 +53,10 @@ func runCmd(c *cli.Context) error {
}
}
- storageOpts := storage.DefaultStoreOptions
+ storageOpts, err := libpodruntime.GetDefaultStoreOptions()
+ if err != nil {
+ return err
+ }
mappings, err := util.ParseIDMapping(c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidmap"), c.String("subgidmap"))
if err != nil {
return err
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 30dbf52e6..bd0074e56 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1296,7 +1296,9 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
g.AddProcessEnv("container", "libpod")
}
- if c.runtime.config.CgroupManager == SystemdCgroupsManager {
+ if os.Getuid() != 0 {
+ g.SetLinuxCgroupsPath("")
+ } else if c.runtime.config.CgroupManager == SystemdCgroupsManager {
// When runc is set to use Systemd as a cgroup manager, it
// expects cgroups to be passed as follows:
// slice:prefix:name
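Review bot: The new `if os.Getuid() != 0` branch clears the cgroups path with no explanation, so a reader cannot tell whether rootless containers are meant to skip cgroup setup entirely or whether this is a temporary workaround. Presumably the OCI runtime cannot create cgroups as an unprivileged user, but that reasoning should be written down at the branch, e.g. `// Rootless: cgroups cannot be created by an unprivileged user, so leave the path empty and let the runtime use its default`. If that is the case, any cgroup-based limits configured on the container are silently ineffective in this branch, and a warning log when such limits are set would make that visible to the user. generateSpec starts and ends outside this hunk.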
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 05b8134b8..5d4b895cb 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -2,10 +2,12 @@ package libpod
import (
"bytes"
+ "fmt"
"io/ioutil"
"os"
"path/filepath"
"sync"
+ "syscall"
"github.com/BurntSushi/toml"
is "github.com/containers/image/storage"
@@ -164,7 +166,7 @@ var (
CgroupManager: CgroupfsCgroupsManager,
HooksDir: hooks.DefaultDir,
StaticDir: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"),
- TmpDir: "/var/run/libpod",
+ TmpDir: getDefaultTmpDir(),
MaxLogSize: -1,
NoPivotRoot: false,
CNIConfigDir: "/etc/cni/net.d/",
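Review bot: `StaticDir` on the unchanged line above still derives from `storage.DefaultStoreOptions.GraphRoot`, the root-owned default, while `TmpDir` on the next line is now rootless-aware via `getDefaultTmpDir()`; unless `GetRuntimeWithStorageOpts` (not in this diff) overrides StaticDir from the store options, a rootless runtime would still try to write its static state under a directory it has no write access to, which is exactly what this commit sets out to avoid. Calling `getDefaultTmpDir()` from a package-level var initializer also means `GetRootlessRuntimeDir` runs at import time of libpod, creating directories under /tmp and mutating the environment as an import side effect; computing the rootless default lazily in NewRuntime would keep importing the package free of side effects.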
@@ -172,6 +174,37 @@ var (
}
)
+// GetRootlessRuntimeDir returns the runtime directory when running as non root
+func GetRootlessRuntimeDir() string {
+ hasNoEnv := false
+ runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
+ if runtimeDir == "" {
+ hasNoEnv = true
+ tmpDir := filepath.Join(os.TempDir(), "user", fmt.Sprintf("%d", os.Getuid()))
+ os.MkdirAll(tmpDir, 0700)
+ st, err := os.Stat(tmpDir)
+ if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 {
+ runtimeDir = tmpDir
+ }
+ }
+ if runtimeDir == "" {
+ runtimeDir = filepath.Join(os.Getenv("HOME"), "rundir")
+ }
+ if hasNoEnv {
+ os.Setenv("XDG_RUNTIME_DIR", runtimeDir)
+ }
+ return runtimeDir
+}
+
+func getDefaultTmpDir() string {
+ if os.Getuid() == 0 {
+ return "/var/run/libpod"
+ }
+
+ rootlessRuntimeDir := GetRootlessRuntimeDir()
+ return filepath.Join(rootlessRuntimeDir, "libpod", "tmp")
+}
+
// NewRuntime creates a new container runtime
// Options can be passed to override the default configuration for the runtime
func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
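Review bot: In `GetRootlessRuntimeDir` the ownership/permission check uses `os.Stat`, which follows symlinks, and never verifies that the path is a directory, so a symlink or a regular file at the computed `tmpDir` that resolves to something owned by this uid with mode 0700 passes the check; `st, err := os.Lstat(tmpDir)` together with `st.IsDir() &&` in the condition pins the check to a real directory. The `os.MkdirAll` error is dropped silently, which is defensible because the stat check is the real guard, but note that MkdirAll also creates the parent `user` directory with 0700 owned by the first user, so every other user on the host then fails to create their own subdirectory and silently lands on the `$HOME/rundir` fallback; a comment such as `// error ignored on purpose: the stat check below decides whether the dir is usable` should at least record the intent. When `HOME` is unset as well, the fallback becomes the absolute path `/rundir`; returning an error there, as `GetRootlessStorageOpts` does for a missing HOME, would be more consistent. `os.Setenv("XDG_RUNTIME_DIR", runtimeDir)` mutates the process environment and is inherited by every child process the runtime spawns; if that is intended so that helper processes see the same directory, a one-line comment saying so would stop a later reader from removing it.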