summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-04-06 20:48:05 +0200
committerGitHub <noreply@github.com>2020-04-06 20:48:05 +0200
commita858b3a6a36b19429958d0b05f427afa3f63a8b7 (patch)
treee983ba8a4a959b0067f2fb68fd7ca3c92de66095
parente318b09b6800ddb013ddf3b9a2fb99ebc55bd920 (diff)
parent9f2d9679d7cf8e6ef6929c8838008e46cfc2efc0 (diff)
downloadpodman-a858b3a6a36b19429958d0b05f427afa3f63a8b7.tar.gz
podman-a858b3a6a36b19429958d0b05f427afa3f63a8b7.tar.bz2
podman-a858b3a6a36b19429958d0b05f427afa3f63a8b7.zip
Merge pull request #5705 from rhatdan/reset
Cleanup whether to enter user namespace
-rw-r--r--cmd/podman/main_local.go22
1 files changed, 20 insertions, 2 deletions
diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go
index 23b3f5ae7..a65e6acf8 100644
--- a/cmd/podman/main_local.go
+++ b/cmd/podman/main_local.go
@@ -11,7 +11,6 @@ import (
"os"
"runtime/pprof"
"strconv"
- "strings"
"syscall"
"github.com/containers/common/pkg/config"
@@ -192,7 +191,7 @@ func setupRootless(cmd *cobra.Command, args []string) error {
}
}
- if os.Geteuid() == 0 || cmd == _searchCommand || cmd == _versionCommand || cmd == _mountCommand || cmd == _migrateCommand || strings.HasPrefix(cmd.Use, "help") {
+ if !executeCommandInUserNS(cmd) {
return nil
}
@@ -243,6 +242,25 @@ func setupRootless(cmd *cobra.Command, args []string) error {
return nil
}
+// Most podman commands when run in rootless mode, need to be executed in the
+// users usernamespace. This function is updated with a list of commands that
+// should NOT be run within the user namespace.
+func executeCommandInUserNS(cmd *cobra.Command) bool {
+ if os.Geteuid() == 0 {
+ return false
+ }
+ switch cmd {
+ case _migrateCommand,
+ _mountCommand,
+ _renumberCommand,
+ _infoCommand,
+ _searchCommand,
+ _versionCommand:
+ return false
+ }
+ return true
+}
+
func setRLimits() error {
rlimits := new(syscall.Rlimit)
rlimits.Cur = 1048576