author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2018-12-13 13:46:38 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-13 13:46:38 -0800 |
commit | 93b5ccfe94f3f180542f045a92f14b8d2368e73e (patch) | |
tree | 5f9a3bc93fd435a3427f6d352231e8dae49d89d7 | |
parent | 1f9bc65d6d67724bd31a6b531986da65c2cce12a (diff) | |
parent | a609e026a5f58d935a25e558480ed314783062fc (diff) | |
Merge pull request #1994 from giuseppe/rootless-mount-allow-only-from-vfs
mount: allow mount only when using vfs
-rw-r--r-- | cmd/podman/main.go | 1 | ||||
-rw-r--r-- | cmd/podman/mount.go | 21 |
2 files changed, 22 insertions, 0 deletions
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 796b0b03a..2db6c5dec 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -34,6 +34,7 @@ var cmdsNotRequiringRootless = map[string]bool{
 // If this change, please also update libpod.refreshRootless()
 "login": true,
 "logout": true,
+ "mount": true,
 "kill": true,
 "pause": true,
 "restart": true,
diff --git a/cmd/podman/mount.go b/cmd/podman/mount.go
index 585f506cd..c91115597 100644
--- a/cmd/podman/mount.go
+++ b/cmd/podman/mount.go
@@ -3,9 +3,11 @@ package main
 import (
 js "encoding/json"
 "fmt"
+ "os"
 of "github.com/containers/libpod/cmd/podman/formats"
 "github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 "github.com/urfave/cli"
@@ -52,6 +54,9 @@ func mountCmd(c *cli.Context) error {
 if err := validateFlags(c, mountFlags); err != nil {
 return err
 }
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
 runtime, err := libpodruntime.GetRuntime(c)
 if err != nil {
@@ -59,6 +64,22 @@ func mountCmd(c *cli.Context) error {
 }
 defer runtime.Shutdown(false)
+ if os.Geteuid() != 0 {
+ if driver := runtime.GetConfig().StorageConfig.GraphDriverName; driver != "vfs" {
+ // Do not allow to mount a graphdriver that is not vfs if we are creating the userns as part
+ // of the mount command.
+ return fmt.Errorf("cannot mount using driver %s in rootless mode", driver)
+ }
+
+ became, ret, err := rootless.BecomeRootInUserNS()
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+
 formats := map[string]bool{
 "": true,
 of.JSONString: true, |
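Review bot: The comment directly above the new `"mount": true,` entry asks that libpod.refreshRootless() be updated whenever cmdsNotRequiringRootless changes, but the diffstat lists only cmd/podman/main.go and cmd/podman/mount.go. Either refreshRootless() needs a matching change, or the commit should state why mount is exempt. Listing a command here presumably makes main skip the generic user-namespace setup, which would leave the checks added to mountCmd as the only gate for unprivileged callers, so the two lists drifting apart matters.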
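Review bot: The first `os.Geteuid() != 0` block in mountCmd changes process-wide state through `rootless.SetSkipStorageSetup(true)`, with no comment saying why storage setup is skipped or that the flag is never reset. From the later hunk, the runtime created next appears to be used by the unprivileged parent only to read the graph driver name before re-executing in a user namespace. A comment such as `// Unprivileged parent: skip storage setup; this runtime is only used to read the graph driver before re-exec in the userns.` would record that, if that reading is correct. It would also help to note that the test is on the effective UID deliberately, so the re-executed process, which presumably runs as UID 0 inside the namespace, takes the normal path. mountCmd begins and ends outside this hunk.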
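Review bot: `os.Exit(ret)` in the `if became {` branch ends the process without running deferred calls, so the `defer runtime.Shutdown(false)` registered just above never executes in the parent. If Shutdown releases anything even with storage setup skipped, call it explicitly first: `runtime.Shutdown(false)` on the line before `os.Exit(ret)`. The comment on the vfs check also gives only the rule, not the reason; one added sentence on why other graph drivers are refused when the user namespace is created by the mount command itself would help the next maintainer keep this restriction intact. mountCmd continues past the end of the hunk.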