diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-08 12:06:16 +0100 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-11 11:48:28 +0100 |
| commit | 231129e4dc083d9f63cf1876cc1695f7f8c03f25 (patch) | |
| tree | 4113cdca5717e8d7a1e0cc97694f03fa1e903410 /cmd/podman/pod.go | |
| parent | 35432ecaae4a8372a6f40a6cac476f0140094c7c (diff) | |
| download | podman-231129e4dc083d9f63cf1876cc1695f7f8c03f25.tar.gz podman-231129e4dc083d9f63cf1876cc1695f7f8c03f25.tar.bz2 podman-231129e4dc083d9f63cf1876cc1695f7f8c03f25.zip | |
rootless: fix pod stop|rm if uid in the container != 0
join the user namespace where the pod is running, so that we can both
manage the storage and correctly send the kill signal to a process
which is not running as root in the namespace.
Closes: https://github.com/containers/libpod/issues/2577
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'cmd/podman/pod.go')
| -rw-r--r-- | cmd/podman/pod.go | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/cmd/podman/pod.go b/cmd/podman/pod.go index 2d9bca21d..9a9c7a702 100644 --- a/cmd/podman/pod.go +++ b/cmd/podman/pod.go @@ -1,7 +1,12 @@ package main import ( + "os" + "github.com/containers/libpod/cmd/podman/cliconfig" + "github.com/containers/libpod/pkg/adapter" + "github.com/containers/libpod/pkg/rootless" + "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -34,6 +39,48 @@ var podSubCommands = []*cobra.Command{ _podUnpauseCommand, } +func joinPodNS(runtime *adapter.LocalRuntime, all, latest bool, inputArgs []string) ([]string, bool, bool, error) { + if rootless.IsRootless() { + if os.Geteuid() == 0 { + return []string{rootless.Argument()}, false, false, nil + } else { + var err error + var pods []*adapter.Pod + if all { + pods, err = runtime.GetAllPods() + if err != nil { + return nil, false, false, errors.Wrapf(err, "unable to get pods") + } + } else if latest { + pod, err := runtime.GetLatestPod() + if err != nil { + return nil, false, false, errors.Wrapf(err, "unable to get latest pod") + } + pods = append(pods, pod) + } else { + for _, i := range inputArgs { + pod, err := runtime.LookupPod(i) + if err != nil { + return nil, false, false, errors.Wrapf(err, "unable to lookup pod %s", i) + } + pods = append(pods, pod) + } + } + for _, p := range pods { + _, ret, err := runtime.JoinOrCreateRootlessPod(p) + if err != nil { + return nil, false, false, err + } + if ret != 0 { + os.Exit(ret) + } + } + os.Exit(0) + } + } + return inputArgs, all, latest, nil +} + func init() { podCommand.AddCommand(podSubCommands...) podCommand.SetHelpTemplate(HelpTemplate()) |