authorGiuseppe Scrivano <gscrivan@redhat.com>2019-03-07 08:14:22 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-03-07 15:34:30 +0100
commit4a02713c57d874c404539047ccc5c5ff5c1958fc (patch)
tree17dc51a6f535188fffd123d604313fd83a305640
parentbf21ec8520bb429e9b1514422d9bc0b3426f4391 (diff)
rootless: exec join the user+mount namespace
It is not enough to join the user namespace where the container is running. We also need to join the mount namespace so that we can correctly perform lookups inside the container rootfs. This is necessary to look up the mounted /etc/passwd file when --user is specified. Closes: https://github.com/containers/libpod/issues/2566 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--cmd/podman/exec.go29
1 files changed, 19 insertions, 10 deletions
diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go
index 32a6e4bb5..9ca613ec2 100644
--- a/cmd/podman/exec.go
+++ b/cmd/podman/exec.go
@@ -108,16 +108,25 @@ func execCmd(c *cliconfig.ExecValues) error {
}
- pid, err := ctr.PID()
- if err != nil {
- return err
- }
- became, ret, err := rootless.JoinNS(uint(pid), c.PreserveFDs)
- if err != nil {
- return err
- }
- if became {
- os.Exit(ret)
+ if os.Geteuid() != 0 {
+ var became bool
+ var ret int
+
+ data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+ if err != nil {
+ return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ became, ret, err = rootless.JoinDirectUserAndMountNS(uint(conmonPid))
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
}
// ENVIRONMENT VARIABLES
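Review bot: `strconv.Atoi(string(data))` in the added rootless block rejects a PID file that ends in a newline or other whitespace, so exec would fail with "cannot parse PID" on such a file; trimming first, `conmonPid, err := strconv.Atoi(strings.TrimSpace(string(data)))`, avoids that (it needs `strings` imported, which the hunk does not show). The parsed value is then trusted as-is: nothing visible here confirms that the container is still running or that the PID still belongs to this container's conmon, so a stale file combined with PID reuse could presumably lead to joining the user and mount namespaces of an unrelated process. A container-state check before the read, plus `if conmonPid <= 0 { return errors.Errorf("invalid conmon PID %d", conmonPid) }` before the `uint` conversion, would narrow that. The removed `rootless.JoinNS` call passed `c.PreserveFDs` and the new `JoinDirectUserAndMountNS` call does not, so it is worth confirming that `--preserve-fds` still behaves correctly for rootless exec. execCmd starts and continues outside the hunk.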