summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2022-06-17 14:16:21 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2022-06-21 15:50:52 +0200
commitecf225019a6cbb37edc5cc938ba260248d351c89 (patch)
tree0ad236740fba6072f1052b141bdb26f422eb76c0
parent9afd5e31c8e2d6a59868ec834cb1893c24a9c12b (diff)
downloadpodman-ecf225019a6cbb37edc5cc938ba260248d351c89.tar.gz
podman-ecf225019a6cbb37edc5cc938ba260248d351c89.tar.bz2
podman-ecf225019a6cbb37edc5cc938ba260248d351c89.zip
rootless: attempt to join all specified paths
when there are multiple paths specified, attempt to join them all before returning an error. Previously we were failing on the first pid found. [NO NEW TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--pkg/domain/infra/abi/system.go10
-rw-r--r--pkg/rootless/rootless_linux.go33
2 files changed, 22 insertions, 21 deletions
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index 820ba529b..6be37c87f 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -125,8 +125,14 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool)
paths = append(paths, ctr.Config().ConmonPidFile)
}
- became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
- utils.MovePauseProcessToScope(pausePidPath)
+ if len(paths) > 0 {
+ became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
+ } else {
+ became, ret, err = rootless.BecomeRootInUserNS(pausePidPath)
+ if err == nil {
+ utils.MovePauseProcessToScope(pausePidPath)
+ }
+ }
if err != nil {
logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate"))
os.Exit(1)
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index cbc2bc1f5..d0bdf0ffe 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -461,13 +461,8 @@ func BecomeRootInUserNS(pausePid string) (bool, int, error) {
// different uidmap and the unprivileged user has no way to read the
// file owned by the root in the container.
func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error) {
- if len(paths) == 0 {
- return BecomeRootInUserNS(pausePidPath)
- }
-
var lastErr error
var pausePid int
- foundProcess := false
for _, path := range paths {
if !needNewNamespace {
@@ -479,12 +474,9 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
pausePid, err = strconv.Atoi(string(data))
if err != nil {
- lastErr = errors.Wrapf(err, "cannot parse file %s", path)
+ lastErr = errors.Wrapf(err, "cannot parse file %q", path)
continue
}
-
- lastErr = nil
- break
} else {
r, w, err := os.Pipe()
if err != nil {
@@ -511,26 +503,29 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
n, err := r.Read(b)
if err != nil {
- lastErr = errors.Wrapf(err, "cannot read %s\n", path)
+ lastErr = errors.Wrapf(err, "cannot read %q", path)
continue
}
pausePid, err = strconv.Atoi(string(b[:n]))
- if err == nil && unix.Kill(pausePid, 0) == nil {
- foundProcess = true
- lastErr = nil
- break
+ if err != nil {
+ lastErr = err
+ continue
}
}
- }
- if !foundProcess && pausePidPath != "" {
- return BecomeRootInUserNS(pausePidPath)
+
+ if pausePid > 0 && unix.Kill(pausePid, 0) == nil {
+ joined, pid, err := joinUserAndMountNS(uint(pausePid), pausePidPath)
+ if err == nil {
+ return joined, pid, nil
+ }
+ lastErr = err
+ }
}
if lastErr != nil {
return false, 0, lastErr
}
-
- return joinUserAndMountNS(uint(pausePid), pausePidPath)
+ return false, 0, errors.Wrapf(unix.ESRCH, "could not find any running process")
}
// ReadMappingsProc parses and returns the ID mappings at the specified path.