author | Matthew Heon <matthew.heon@gmail.com> | 2018-08-21 12:01:28 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-23 12:07:59 +0000 |
commit | c276a13880c59054beda7ecfa04b36e4588570f8 (patch) | |
tree | e965b230a4f6eaadfffe4d23aada793e9f91960e | |
parent | 4a95ef4a4e88e1563a89e2384b1545c361a46d26 (diff) | |
Properly translate users into runc format for exec
Runc exec expects the --user flag to be formatted as UID:GID.
Use chrootuser code to translate whatever user is passed to exec
into this format.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1315
Approved by: vrothberg
-rw-r--r-- | libpod/container_api.go | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 3e5b6ea53..56947eb3a 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -2,6 +2,7 @@ package libpod
 import (
 "context"
+ "fmt"
 "io/ioutil"
 "os"
 "strconv"
@@ -9,6 +10,7 @@ import (
 "time"
 "github.com/containers/libpod/libpod/driver"
+ "github.com/containers/libpod/pkg/chrootuser"
 "github.com/containers/libpod/pkg/inspect"
 "github.com/containers/storage/pkg/stringid"
 "github.com/docker/docker/daemon/caps"
@@ -298,6 +300,19 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
 capList = caps.GetAllCapabilities()
 }
+ // If user was set, look it up in the container to get a UID to use on
+ // the host
+ hostUser := ""
+ if user != "" {
+ uid, gid, err := chrootuser.GetUser(c.state.Mountpoint, user)
+ if err != nil {
+ return errors.Wrapf(err, "error getting user to launch exec session as")
+ }
+
+ // runc expects user formatted as uid:gid
+ hostUser = fmt.Sprintf("%d:%d", uid, gid)
+ }
+
 // Generate exec session ID
 // Ensure we don't conflict with an existing session ID
 sessionID := stringid.GenerateNonCryptoID()
@@ -318,7 +333,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
 logrus.Debugf("Creating new exec session in container %s with session id %s", c.ID(), sessionID)
- execCmd, err := c.runtime.ociRuntime.execContainer(c, cmd, capList, env, tty, user, sessionID)
+ execCmd, err := c.runtime.ociRuntime.execContainer(c, cmd, capList, env, tty, hostUser, sessionID)
 if err != nil {
 return errors.Wrapf(err, "error creating exec command for container %s", c.ID())
 }
 |
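Review bot: The comment `to get a UID to use on the host` and the name `hostUser` in the added block of the third hunk describe the wrong ID space: the uid and gid are resolved by `chrootuser.GetUser` (presumably from the user database under `c.state.Mountpoint`) and handed to runc as `--user`, so they are IDs inside the container and differ from host IDs whenever a user-namespace mapping is in effect. I would rename the variable to `execUser` (also at the `execContainer` call in the last hunk) and reword the comment to `// If user was set, resolve it against the container's own user database; the resulting uid:gid is in the container's ID space`. Because that lookup data lives in the container's root filesystem and is container-controlled, the result should not be reused for any host-side ownership or permission decision. The `errors.Wrapf` call has no format arguments; `errors.Wrapf(err, "error looking up user %q for exec session in container %s", user, c.ID())` would make a failed lookup traceable. Exec begins and ends outside this hunk, so the mount and running-state checks this lookup relies on are not visible here.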