aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-03-08 08:22:55 -0800
committerGitHub <noreply@github.com>2019-03-08 08:22:55 -0800
commitc4815e8a618cb7824f0a8e8c84771c69ed2a8943 (patch)
treed48f163005a338b4c4a876e507c02f0790557a5d
parent90319bcf5202bb54e6e6bf59e4b887fa462e4714 (diff)
parent081291c8d62b989373149973c1ce0fad0fe7fea1 (diff)
downloadpodman-c4815e8a618cb7824f0a8e8c84771c69ed2a8943.tar.gz
podman-c4815e8a618cb7824f0a8e8c84771c69ed2a8943.tar.bz2
podman-c4815e8a618cb7824f0a8e8c84771c69ed2a8943.zip
Merge pull request #2569 from giuseppe/rootless-fix-exec-with-user
rootless: exec join the user+mount namespace
-rw-r--r--cmd/podman/create.go11
-rw-r--r--cmd/podman/exec.go29
2 files changed, 29 insertions, 11 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index fa8b9f57b..8a5d0cf73 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -893,7 +893,16 @@ func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *l
}
return false, -1, errors.Errorf("dependency container %s is not running", ctr.ID())
}
- return rootless.JoinNS(uint(pid), 0)
+
+ data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ return rootless.JoinDirectUserAndMountNS(uint(conmonPid))
}
}
return rootless.BecomeRootInUserNS()
diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go
index c3bcec2ec..e4cea1f5e 100644
--- a/cmd/podman/exec.go
+++ b/cmd/podman/exec.go
@@ -106,16 +106,25 @@ func execCmd(c *cliconfig.ExecValues) error {
}
- pid, err := ctr.PID()
- if err != nil {
- return err
- }
- became, ret, err := rootless.JoinNS(uint(pid), c.PreserveFDs)
- if err != nil {
- return err
- }
- if became {
- os.Exit(ret)
+ if os.Geteuid() != 0 {
+ var became bool
+ var ret int
+
+ data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+ if err != nil {
+ return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ became, ret, err = rootless.JoinDirectUserAndMountNS(uint(conmonPid))
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
}
// ENVIRONMENT VARIABLES