aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2018-12-05 08:09:58 -0800
committerGitHub <noreply@github.com>2018-12-05 08:09:58 -0800
commitbe74acee1ce5eed5c85d5ee96a7d305098be7112 (patch)
tree7b585e1ea64706eb9570dd036141a71bf5333539
parent50e754cd579933ba887927f4ff05754ad926eb30 (diff)
parent39df2093e89a2816f317b72a73106166031045e6 (diff)
downloadpodman-be74acee1ce5eed5c85d5ee96a7d305098be7112.tar.gz
podman-be74acee1ce5eed5c85d5ee96a7d305098be7112.tar.bz2
podman-be74acee1ce5eed5c85d5ee96a7d305098be7112.zip
Merge pull request #1940 from wking/numeric-gid
libpod/container_internal_linux: Allow gids that aren't in the group file
-rw-r--r--libpod/container_internal_linux.go22
-rw-r--r--pkg/lookup/lookup.go18
2 files changed, 21 insertions, 19 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 780bf5279..b540bbeb8 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -236,9 +236,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
if c.config.User != "" {
- if !c.state.Mounted {
- return nil, errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to translate User field", c.ID())
- }
// User and Group must go together
g.SetProcessUID(uint32(execUser.Uid))
g.SetProcessGID(uint32(execUser.Gid))
@@ -246,9 +243,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
// Add addition groups if c.config.GroupAdd is not empty
if len(c.config.Groups) > 0 {
- if !c.state.Mounted {
- return nil, errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to add additional groups", c.ID())
- }
gids, _ := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, nil)
for _, gid := range gids {
g.AddProcessAdditionalGid(gid)
@@ -800,7 +794,6 @@ func (c *Container) generateHosts() (string, error) {
func (c *Container) generatePasswd() (string, error) {
var (
groupspec string
- group *user.Group
gid int
)
if c.config.User == "" {
@@ -825,17 +818,16 @@ func (c *Container) generatePasswd() (string, error) {
return "", nil
}
if groupspec != "" {
- if !c.state.Mounted {
- return "", errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to translate group field for passwd record", c.ID())
- }
- group, err = lookup.GetGroup(c.state.Mountpoint, groupspec)
- if err != nil {
- if err == user.ErrNoGroupEntries {
+ ugid, err := strconv.ParseUint(groupspec, 10, 32)
+ if err == nil {
+ gid = int(ugid)
+ } else {
+ group, err := lookup.GetGroup(c.state.Mountpoint, groupspec)
+ if err != nil {
return "", errors.Wrapf(err, "unable to get gid %s from group file", groupspec)
}
- return "", err
+ gid = group.Gid
}
- gid = group.Gid
}
originPasswdFile := filepath.Join(c.state.Mountpoint, "/etc/passwd")
orig, err := ioutil.ReadFile(originPasswdFile)
diff --git a/pkg/lookup/lookup.go b/pkg/lookup/lookup.go
index a9d975b4b..70b97144f 100644
--- a/pkg/lookup/lookup.go
+++ b/pkg/lookup/lookup.go
@@ -99,9 +99,11 @@ func GetContainerGroups(groups []string, containerMount string, override *Overri
return uintgids, nil
}
-// GetUser takes a containermount path and user name or id and returns
+// GetUser takes a containermount path and user name or ID and returns
// a matching User structure from /etc/passwd. If it cannot locate a user
// with the provided information, an ErrNoPasswdEntries is returned.
+// When the provided user name was an ID, a User structure with Uid
+// set is returned along with ErrNoPasswdEntries.
func GetUser(containerMount, userIDorName string) (*user.User, error) {
var inputIsName bool
uid, err := strconv.Atoi(userIDorName)
@@ -124,12 +126,17 @@ func GetUser(containerMount, userIDorName string) (*user.User, error) {
if len(users) > 0 {
return &users[0], nil
}
+ if !inputIsName {
+ return &user.User{Uid: uid}, user.ErrNoPasswdEntries
+ }
return nil, user.ErrNoPasswdEntries
}
-// GetGroup takes ac ontainermount path and a group name or id and returns
-// a match Group struct from /etc/group. if it cannot locate a group,
-// an ErrNoGroupEntries error is returned.
+// GetGroup takes a containermount path and a group name or ID and returns
+// a match Group struct from /etc/group. If it cannot locate a group,
+// an ErrNoGroupEntries error is returned. When the provided group name
+// was an ID, a Group structure with Gid set is returned along with
+// ErrNoGroupEntries.
func GetGroup(containerMount, groupIDorName string) (*user.Group, error) {
var inputIsName bool
gid, err := strconv.Atoi(groupIDorName)
@@ -154,5 +161,8 @@ func GetGroup(containerMount, groupIDorName string) (*user.Group, error) {
if len(groups) > 0 {
return &groups[0], nil
}
+ if !inputIsName {
+ return &user.Group{Gid: gid}, user.ErrNoGroupEntries
+ }
return nil, user.ErrNoGroupEntries
}