summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@gmail.com>2018-08-21 12:01:28 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-23 12:07:59 +0000
commitc276a13880c59054beda7ecfa04b36e4588570f8 (patch)
treee965b230a4f6eaadfffe4d23aada793e9f91960e
parent4a95ef4a4e88e1563a89e2384b1545c361a46d26 (diff)
downloadpodman-c276a13880c59054beda7ecfa04b36e4588570f8.tar.gz
podman-c276a13880c59054beda7ecfa04b36e4588570f8.tar.bz2
podman-c276a13880c59054beda7ecfa04b36e4588570f8.zip
Properly translate users into runc format for exec
Runc exec expects the --user flag to be formatted as UID:GID. Use chrootuser code to translate whatever user is passed to exec into this format. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1315 Approved by: vrothberg
-rw-r--r--libpod/container_api.go17
1 files changed, 16 insertions, 1 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 3e5b6ea53..56947eb3a 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -2,6 +2,7 @@ package libpod
import (
"context"
+ "fmt"
"io/ioutil"
"os"
"strconv"
@@ -9,6 +10,7 @@ import (
"time"
"github.com/containers/libpod/libpod/driver"
+ "github.com/containers/libpod/pkg/chrootuser"
"github.com/containers/libpod/pkg/inspect"
"github.com/containers/storage/pkg/stringid"
"github.com/docker/docker/daemon/caps"
@@ -298,6 +300,19 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
capList = caps.GetAllCapabilities()
}
+ // If user was set, look it up in the container to get a UID to use on
+ // the host
+ hostUser := ""
+ if user != "" {
+ uid, gid, err := chrootuser.GetUser(c.state.Mountpoint, user)
+ if err != nil {
+ return errors.Wrapf(err, "error getting user to launch exec session as")
+ }
+
+ // runc expects user formatted as uid:gid
+ hostUser = fmt.Sprintf("%d:%d", uid, gid)
+ }
+
// Generate exec session ID
// Ensure we don't conflict with an existing session ID
sessionID := stringid.GenerateNonCryptoID()
@@ -318,7 +333,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
logrus.Debugf("Creating new exec session in container %s with session id %s", c.ID(), sessionID)
- execCmd, err := c.runtime.ociRuntime.execContainer(c, cmd, capList, env, tty, user, sessionID)
+ execCmd, err := c.runtime.ociRuntime.execContainer(c, cmd, capList, env, tty, hostUser, sessionID)
if err != nil {
return errors.Wrapf(err, "error creating exec command for container %s", c.ID())
}