author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-06-01 13:25:19 +0200 |
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-06-15 14:53:18 +0000 |
commit | 4086a0f7371dbe5ea104dafe83aadb77b969c0ba (patch) | |
tree | 8a83cc87f34b065a855aefc5748ee45960980b11 | |
parent | a1ec6747f187ff2dbc1256cb5c11c5775324f2e2 (diff) | |
podman: use a different store for the rootless case
so that the user has read/write access to it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
-rw-r--r-- | cmd/podman/create.go | 6 | ||||
-rw-r--r-- | cmd/podman/libpodruntime/runtime.go | 40 | ||||
-rw-r--r-- | cmd/podman/run.go | 6 | ||||
-rw-r--r-- | libpod/container_internal.go | 4 | ||||
-rw-r--r-- | libpod/runtime.go | 35 |
5 files changed, 84 insertions, 7 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index a0c1ec3f0..52d6e32f6 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -9,7 +9,6 @@ import (
 "strings"
 "syscall"
- "github.com/containers/storage"
 "github.com/docker/docker/api/types/container"
 "github.com/docker/docker/pkg/signal"
 "github.com/docker/go-connections/nat"
@@ -81,7 +80,10 @@ func createCmd(c *cli.Context) error {
 if err != nil {
 return err
 }
- storageOpts := storage.DefaultStoreOptions
+ storageOpts, err := libpodruntime.GetDefaultStoreOptions()
+ if err != nil {
+ return err
+ }
 storageOpts.UIDMap = mappings.UIDMap
 storageOpts.GIDMap = mappings.GIDMap
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 9ea40e00a..042ce87e5 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -1,6 +1,10 @@
 package libpodruntime
 import (
+ "fmt"
+ "os"
+ "path/filepath"
+
 "github.com/containers/storage"
 "github.com/projectatomic/libpod/libpod"
 "github.com/urfave/cli"
@@ -8,10 +12,44 @@ import (
 // GetRuntime generates a new libpod runtime configured by command line options
 func GetRuntime(c *cli.Context) (*libpod.Runtime, error) {
- storageOpts := storage.DefaultStoreOptions
+ storageOpts, err := GetDefaultStoreOptions()
+ if err != nil {
+ return nil, err
+ }
 return GetRuntimeWithStorageOpts(c, &storageOpts)
 }
+func GetRootlessStorageOpts() (storage.StoreOptions, error) {
+ var opts storage.StoreOptions
+
+ opts.RunRoot = filepath.Join(libpod.GetRootlessRuntimeDir(), "run")
+
+ dataDir := os.Getenv("XDG_DATA_DIR")
+ if dataDir != "" {
+ opts.GraphRoot = filepath.Join(dataDir, "containers", "storage")
+ } else {
+ home := os.Getenv("HOME")
+ if home == "" {
+ return opts, fmt.Errorf("HOME not specified")
+ }
+ opts.GraphRoot = filepath.Join(home, ".containers", "storage")
+ }
+ opts.GraphDriverName = "vfs"
+ return opts, nil
+}
+
+func GetDefaultStoreOptions() (storage.StoreOptions, error) {
+ storageOpts := storage.DefaultStoreOptions
+ if os.Getuid() != 0 {
+ var err error
+ storageOpts, err = GetRootlessStorageOpts()
+ if err != nil {
+ return storageOpts, err
+ }
+ }
+ return storageOpts, nil
+}
+
 // GetRuntime generates a new libpod runtime configured by command line options
 func GetRuntimeWithStorageOpts(c *cli.Context, storageOpts *storage.StoreOptions) (*libpod.Runtime, error) {
 options := []libpod.RuntimeOption{}
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 2131df7ab..b7516a233 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -9,7 +9,6 @@ import (
 "strconv"
 "strings"
- "github.com/containers/storage"
 "github.com/pkg/errors"
 "github.com/projectatomic/libpod/cmd/podman/libpodruntime"
 "github.com/projectatomic/libpod/libpod"
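Review bot: `dataDir := os.Getenv("XDG_DATA_DIR")` in the new GetRootlessStorageOpts reads a variable that is not part of the XDG Base Directory specification; the per-user data location is `XDG_DATA_HOME` (spec default `$HOME/.local/share`), so as written this branch will rarely be taken and the store lands in `$HOME/.containers/storage` for almost everyone. Consider `dataDir := os.Getenv("XDG_DATA_HOME")` and a comment naming the fallback. Both new exported functions also lack the doc comment Go expects, e.g. `// GetRootlessStorageOpts returns store options rooted in the user's runtime and data directories, using the vfs driver, for use when not running as root.` and `// GetDefaultStoreOptions returns storage.DefaultStoreOptions for root and the rootless options otherwise.`. The unchanged `// GetRuntime generates ...` comment that now sits directly under the new code belongs to GetRuntimeWithStorageOpts and names the wrong function.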
@@ -54,7 +53,10 @@ func runCmd(c *cli.Context) error {
 }
 }
- storageOpts := storage.DefaultStoreOptions
+ storageOpts, err := libpodruntime.GetDefaultStoreOptions()
+ if err != nil {
+ return err
+ }
 mappings, err := util.ParseIDMapping(c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidmap"), c.String("subgidmap"))
 if err != nil {
 return err
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 30dbf52e6..bd0074e56 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1296,7 +1296,9 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 g.AddProcessEnv("container", "libpod")
 }
- if c.runtime.config.CgroupManager == SystemdCgroupsManager {
+ if os.Getuid() != 0 {
+ g.SetLinuxCgroupsPath("")
+ } else if c.runtime.config.CgroupManager == SystemdCgroupsManager {
 // When runc is set to use Systemd as a cgroup manager, it
 // expects cgroups to be passed as follows:
 // slice:prefix:name
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 05b8134b8..5d4b895cb 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -2,10 +2,12 @@ package libpod
 import (
 "bytes"
+ "fmt"
 "io/ioutil"
 "os"
 "path/filepath"
 "sync"
+ "syscall"
 "github.com/BurntSushi/toml"
 is "github.com/containers/image/storage"
@@ -164,7 +166,7 @@ var (
 CgroupManager: CgroupfsCgroupsManager,
 HooksDir: hooks.DefaultDir,
 StaticDir: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"),
- TmpDir: "/var/run/libpod",
+ TmpDir: getDefaultTmpDir(),
 MaxLogSize: -1,
 NoPivotRoot: false,
 CNIConfigDir: "/etc/cni/net.d/",
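Review bot: The new `if os.Getuid() != 0 { g.SetLinuxCgroupsPath("") }` branch in generateSpec carries no comment, while the systemd branch it now precedes is explained in three lines; a reader cannot tell from the code why rootless containers get no cgroups path. Add a why-comment above it, e.g. `// Rootless: leave the cgroups path unset; presumably an unprivileged user cannot place the container in a cgroup (confirm against the OCI runtime in use)`. The same `os.Getuid() != 0` test now appears here, in libpodruntime.GetDefaultStoreOptions and in getDefaultTmpDir; a single predicate in libpod would keep the rootless policy in one place. generateSpec starts and ends outside the hunk.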
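Review bot: `TmpDir: getDefaultTmpDir(),` replaces a constant in the package-level `var (` block with a call that, for non-root users, reaches GetRootlessRuntimeDir, which creates directories and calls os.Setenv; those side effects now run at package initialization, before NewRuntime or any RuntimeOption has a chance to supply a different directory. Consider keeping the initializer free of side effects and resolving the rootless tmp dir inside NewRuntime only when TmpDir is still unset after options are applied. On the unchanged line above, `StaticDir` is still derived from `storage.DefaultStoreOptions.GraphRoot`, the root store, so this change does not move the static dir for rootless runtimes; worth confirming that the callers override it. The `var (` block begins outside the hunk.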
@@ -172,6 +174,37 @@ var (
 }
 )
+// GetRootlessRuntimeDir returns the runtime directory when running as non root
+func GetRootlessRuntimeDir() string {
+ hasNoEnv := false
+ runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
+ if runtimeDir == "" {
+ hasNoEnv = true
+ tmpDir := filepath.Join(os.TempDir(), "user", fmt.Sprintf("%d", os.Getuid()))
+ os.MkdirAll(tmpDir, 0700)
+ st, err := os.Stat(tmpDir)
+ if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 {
+ runtimeDir = tmpDir
+ }
+ }
+ if runtimeDir == "" {
+ runtimeDir = filepath.Join(os.Getenv("HOME"), "rundir")
+ }
+ if hasNoEnv {
+ os.Setenv("XDG_RUNTIME_DIR", runtimeDir)
+ }
+ return runtimeDir
+}
+
+func getDefaultTmpDir() string {
+ if os.Getuid() == 0 {
+ return "/var/run/libpod"
+ }
+
+ rootlessRuntimeDir := GetRootlessRuntimeDir()
+ return filepath.Join(rootlessRuntimeDir, "libpod", "tmp")
+}
+
 // NewRuntime creates a new container runtime
 // Options can be passed to override the default configuration for the runtime
 func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
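Review bot: `st, err := os.Stat(tmpDir)` in GetRootlessRuntimeDir follows symlinks, so the owner/0700 check on the next line is also satisfied by a symlink at `<tmp>/user/<uid>` pointing at any 0700 directory the current user owns, and the intermediate `user` directory is shared by all local users with whatever mode its first creator gave it; use `st, err := os.Lstat(tmpDir)` and add `st.IsDir()` to the condition so only a real directory is accepted. The result of `os.MkdirAll(tmpDir, 0700)` is discarded, so a failed mkdir (including the case where `user` already exists as another user's 0700 directory) is indistinguishable from success and the code silently falls through to `$HOME/rundir`; when HOME is also unset that fallback is the relative path `rundir`, which should probably be rejected rather than used. The function also mutates the process environment via os.Setenv as a side effect of a getter, which is surprising for a function named Get and, given its use from getDefaultTmpDir in the package var block, happens during package initialization. `fmt.Sprintf("%d", os.Getuid())` can be `strconv.Itoa(os.Getuid())`, which would remove the need for the fmt import added in this commit.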