summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2018-12-11 13:06:57 -0800
committerGitHub <noreply@github.com>2018-12-11 13:06:57 -0800
commit878301f79db4483697eec2ab2563a0a9d465b26b (patch)
tree224d586bd7da3edc202f40004d2daaa4681e8fc2
parent8645df84dbb21f5988b46e6646bb0dd04fdb2b51 (diff)
parentbc57ecec42e53635bb4846a4af321b6203f78854 (diff)
downloadpodman-878301f79db4483697eec2ab2563a0a9d465b26b.tar.gz
podman-878301f79db4483697eec2ab2563a0a9d465b26b.tar.bz2
podman-878301f79db4483697eec2ab2563a0a9d465b26b.zip
Merge pull request #1978 from mheon/only_one_execuser
Prevent a second lookup of user for image volumes
-rw-r--r--libpod/container_internal.go12
-rw-r--r--libpod/container_internal_linux.go2
2 files changed, 5 insertions, 9 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index f69acb33b..af17d8495 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -18,12 +18,12 @@ import (
"github.com/containers/libpod/pkg/ctime"
"github.com/containers/libpod/pkg/hooks"
"github.com/containers/libpod/pkg/hooks/exec"
- "github.com/containers/libpod/pkg/lookup"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/chrootarchive"
"github.com/containers/storage/pkg/mount"
+ "github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label"
@@ -1027,7 +1027,7 @@ func (c *Container) writeStringToRundir(destFile, output string) (string, error)
return filepath.Join(c.state.DestinationRunDir, destFile), nil
}
-func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator) error {
+func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator, execUser *user.ExecUser) error {
var uid, gid int
mountPoint := c.state.Mountpoint
if !c.state.Mounted {
@@ -1053,12 +1053,8 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
}
if c.config.User != "" {
- if !c.state.Mounted {
- return errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to translate User field", c.ID())
- }
- execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, c.config.User, nil)
- if err != nil {
- return err
+ if execUser == nil {
+ return errors.Wrapf(ErrInternal, "nil pointer passed to addLocalVolumes for execUser")
}
uid = execUser.Uid
gid = execUser.Gid
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index f9b0592f9..4f2955110 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -236,7 +236,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
// Bind builtin image volumes
if c.config.Rootfs == "" && c.config.ImageVolumes {
- if err := c.addLocalVolumes(ctx, &g); err != nil {
+ if err := c.addLocalVolumes(ctx, &g, execUser); err != nil {
return nil, errors.Wrapf(err, "error mounting image volumes")
}
}