authorGiuseppe Scrivano <gscrivan@redhat.com>2020-07-30 21:43:07 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2020-07-30 21:43:09 +0200
commit8408cfd35c8aaa8cfcd08ee8b0874442f7430ede (patch)
tree6c7c5fb450bc7e3313eeb6c2167fd7968064267f
parent4132b71478c486b3f4eff6a344ee1b2defbab86f (diff)
downloadpodman-8408cfd35c8aaa8cfcd08ee8b0874442f7430ede.tar.gz
podman-8408cfd35c8aaa8cfcd08ee8b0874442f7430ede.tar.bz2
podman-8408cfd35c8aaa8cfcd08ee8b0874442f7430ede.zip
rootless: do not ignore errors if mappings are specified
When setting up the user namespace, do not ignore errors from newuidmap/newgidmap if there are mappings configured. The single user mapping is a fallback only when there are no mappings specified for the user. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--pkg/rootless/rootless_linux.go8
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index b1f200cc2..529e90586 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -224,6 +224,10 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
uidsMapped := false
if uids != nil {
err := tryMappingTool("newuidmap", pid, os.Geteuid(), uids)
+ // If some mappings were specified, do not ignore the error
+ if err != nil && len(uids) > 0 {
+ return false, -1, err
+ }
uidsMapped = err == nil
}
if !uidsMapped {
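Review bot: The error at `return false, -1, err` is passed up bare, so a caller cannot tell from it that the newuidmap step failed rather than another part of becomeRootInUserNS. Wrapping it with the tool name and `pid`, using whichever error-wrapping helper the file already uses, would make a misconfigured subordinate-ID range or a newuidmap binary lacking its privileges much easier to diagnose. The same applies to the newgidmap branch in the second hunk. The guard also depends on the difference between `uids != nil` and `len(uids) > 0`; a comment such as `// a failure with an empty, non-nil uids still falls back to the single-user mapping` would make that intent explicit. becomeRootInUserNS begins and ends outside the hunk.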
@@ -246,6 +250,10 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
gidsMapped := false
if gids != nil {
err := tryMappingTool("newgidmap", pid, os.Getegid(), gids)
+ // If some mappings were specified, do not ignore the error
+ if err != nil && len(gids) > 0 {
+ return false, -1, err
+ }
gidsMapped = err == nil
}
if !gidsMapped {
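Review bot: This new early return is reached after the uid-map step for `pid` has already run, and nothing visible in the hunk shows the process identified by `pid` being signalled or reaped on this path. If the earlier part of becomeRootInUserNS, which is outside the hunk, does not already cover this with a defer, the return could leave that process waiting with only half of its ID mappings written. It is worth confirming, and if needed adding the cleanup before `return false, -1, err`; the same check applies to the newuidmap return in the first hunk.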