author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-12-14 09:31:20 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-14 09:31:20 -0500 |
commit | 803c078d3b844339c5fca0088ffcb759b6256b9b (patch) | |
tree | 88995ef03341d5ba30435b241a42c85cf6e037ed | |
parent | e5741b984ed438e4c716eec67c83b3c927a97ebb (diff) | |
parent | f711f5a68de98b911ef31676843e6d463cc47f69 (diff) | |
Merge pull request #8693 from giuseppe/drop-valid-id-in-userns-check
podman: drop checking valid rootless UID
-rw-r--r-- | cmd/podman/containers/run.go | 11 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 5 | ||||
-rw-r--r-- | pkg/util/utils_linux.go | 17 | ||||
-rw-r--r-- | pkg/util/utils_unsupported.go | 5 |
4 files changed, 0 insertions, 38 deletions
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index 6ff1b929d..46bfb4143 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -3,7 +3,6 @@ package containers
 import (
 "fmt"
 "os"
- "strconv"
 "strings"
 "github.com/containers/common/pkg/completion"
@@ -15,7 +14,6 @@ import (
 "github.com/containers/podman/v2/pkg/errorhandling"
 "github.com/containers/podman/v2/pkg/rootless"
 "github.com/containers/podman/v2/pkg/specgen"
- "github.com/containers/podman/v2/pkg/util"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
@@ -108,15 +106,6 @@ func run(cmd *cobra.Command, args []string) error {
 return err
 }
- if rootless.IsRootless() && !registry.IsRemote() {
- userspec := strings.SplitN(cliVals.User, ":", 2)[0]
- if uid, err := strconv.ParseInt(userspec, 10, 32); err == nil {
- if err := util.CheckRootlessUIDRange(int(uid)); err != nil {
- return err
- }
- }
- }
-
 if af := cliVals.Authfile; len(af) > 0 {
 if _, err := os.Stat(af); err != nil {
 return err
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 1bf044f9d..dc1a64863 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -424,11 +424,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 }
 if c.config.User != "" {
- if rootless.IsRootless() {
- if err := util.CheckRootlessUIDRange(execUser.Uid); err != nil {
- return nil, err
- }
- }
 // User and Group must go together
 g.SetProcessUID(uint32(execUser.Uid))
 g.SetProcessGID(uint32(execUser.Gid))
diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
index e4957f442..288137ca5 100644
--- a/pkg/util/utils_linux.go
+++ b/pkg/util/utils_linux.go
@@ -6,7 +6,6 @@ import (
 "path/filepath"
 "syscall"
- "github.com/containers/podman/v2/pkg/rootless"
 "github.com/containers/psgo"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
@@ -53,19 +52,3 @@ func FindDeviceNodes() (map[string]string, error) {
 return nodes, nil
 }
-
-// CheckRootlessUIDRange checks the uid within the rootless container is in the range from /etc/subuid
-func CheckRootlessUIDRange(uid int) error {
- uids, _, err := rootless.GetConfiguredMappings()
- if err != nil {
- return err
- }
- total := 0
- for _, u := range uids {
- total += u.Size
- }
- if uid > total {
- return errors.Errorf("requested user's UID %d is too large for the rootless user namespace", uid)
- }
- return nil
-}
diff --git a/pkg/util/utils_unsupported.go b/pkg/util/utils_unsupported.go
index f8d5a37c1..62805d7c8 100644
--- a/pkg/util/utils_unsupported.go
+++ b/pkg/util/utils_unsupported.go
@@ -10,8 +10,3 @@ import (
 func FindDeviceNodes() (map[string]string, error) {
 return nil, errors.Errorf("not supported on non-Linux OSes")
 }
-
-// CheckRootlessUIDRange is not implemented anywhere except Linux.
-func CheckRootlessUIDRange(uid int) error {
- return nil
-}
|