author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-07-30 21:43:07 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-07-30 21:43:09 +0200 |
commit | 8408cfd35c8aaa8cfcd08ee8b0874442f7430ede (patch) | |
tree | 6c7c5fb450bc7e3313eeb6c2167fd7968064267f | |
parent | 4132b71478c486b3f4eff6a344ee1b2defbab86f (diff) | |
download | podman-8408cfd35c8aaa8cfcd08ee8b0874442f7430ede.tar.gz podman-8408cfd35c8aaa8cfcd08ee8b0874442f7430ede.tar.bz2 podman-8408cfd35c8aaa8cfcd08ee8b0874442f7430ede.zip |
rootless: do not ignore errors if mappings are specified
When setting up the user namespace, do not ignore errors from
newuidmap/newgidmap if there are mappings configured.
The single user mapping is a fallback only when there are no mappings
specified for the user.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r-- | pkg/rootless/rootless_linux.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index b1f200cc2..529e90586 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -224,6 +224,10 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
 uidsMapped := false
 if uids != nil {
 err := tryMappingTool("newuidmap", pid, os.Geteuid(), uids)
+ // If some mappings were specified, do not ignore the error
+ if err != nil && len(uids) > 0 {
+ return false, -1, err
+ }
 uidsMapped = err == nil
 }
 if !uidsMapped {
@@ -246,6 +250,10 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
 gidsMapped := false
 if gids != nil {
 err := tryMappingTool("newgidmap", pid, os.Getegid(), gids)
+ // If some mappings were specified, do not ignore the error
+ if err != nil && len(gids) > 0 {
+ return false, -1, err
+ }
 gidsMapped = err == nil
 }
 if !gidsMapped { |
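Review bot: The new early return in the newuidmap branch passes back the bare error from `tryMappingTool`, so unless that helper (not visible here) already adds context, the caller cannot tell which tool or process failed. The newgidmap branch in the second hunk has the same issue. Consider wrapping it with whichever error helper the file already uses, for example `return false, -1, fmt.Errorf("newuidmap for pid %d: %w", pid, err)`. Failing closed is the right call, and the comment could say why: `// Mappings were configured: falling back to a single-ID map would silently run with a different ID mapping than the one requested`. `becomeRootInUserNS` starts and ends outside both hunks, so it is worth confirming that the process identified by `pid` is not left waiting for its mappings when this path returns.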