aboutsummaryrefslogtreecommitdiff
path: root/cmd/podman/create.go
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2018-10-23 22:06:14 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2018-10-23 22:13:17 +0200
commitdfc689efc9a5746b0c31147562c5051c45874002 (patch)
treea8cc2e5d875e4b3f23174fd1e4a41b459fa83b1a /cmd/podman/create.go
parent10bab99ea01006c4ca0048e6177d753f0732add7 (diff)
downloadpodman-dfc689efc9a5746b0c31147562c5051c45874002.tar.gz
podman-dfc689efc9a5746b0c31147562c5051c45874002.tar.bz2
podman-dfc689efc9a5746b0c31147562c5051c45874002.zip
create: fix writing cidfile when using rootless
prevent opening the same file twice, since we re-exec podman in rootless mode. While at it, also solve a possible race between the check for the file and writing to it. Another process could have created the file in the meanwhile and we would just end up overwriting it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'cmd/podman/create.go')
-rw-r--r--cmd/podman/create.go29
1 files changed, 18 insertions, 11 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 248ff1b7d..9f6825c95 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -95,15 +95,6 @@ func createInit(c *cli.Context) error {
return err
}
- if c.String("cidfile") != "" {
- if _, err := os.Stat(c.String("cidfile")); err == nil {
- return errors.Errorf("container id file exists. ensure another container is not using it or delete %s", c.String("cidfile"))
- }
- if err := libpod.WriteFile("", c.String("cidfile")); err != nil {
- return errors.Wrapf(err, "unable to write cidfile %s", c.String("cidfile"))
- }
- }
-
if len(c.Args()) < 1 {
return errors.Errorf("image name or ID is required")
}
@@ -119,6 +110,20 @@ func createContainer(c *cli.Context, runtime *libpod.Runtime) (*libpod.Container
rootfs = c.Args()[0]
}
+ var err error
+ var cidFile *os.File
+ if c.IsSet("cidfile") && os.Geteuid() == 0 {
+ cidFile, err = libpod.OpenExclusiveFile(c.String("cidfile"))
+ if err != nil && os.IsExist(err) {
+ return nil, nil, errors.Errorf("container id file exists. Ensure another container is not using it or delete %s", c.String("cidfile"))
+ }
+ if err != nil {
+ return nil, nil, errors.Errorf("error opening cidfile %s", c.String("cidfile"))
+ }
+ defer cidFile.Close()
+ defer cidFile.Sync()
+ }
+
imageName := ""
var data *inspect.ImageData = nil
@@ -171,12 +176,14 @@ func createContainer(c *cli.Context, runtime *libpod.Runtime) (*libpod.Container
return nil, nil, err
}
- if c.String("cidfile") != "" {
- err := libpod.WriteFile(ctr.ID(), c.String("cidfile"))
+ if cidFile != nil {
+ _, err = cidFile.WriteString(ctr.ID())
if err != nil {
logrus.Error(err)
}
+
}
+
logrus.Debugf("New container created %q", ctr.ID())
return ctr, createConfig, nil
}