author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-09-19 10:12:36 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-09-21 10:13:39 +0000 |
commit | 1c73404fe142e7ac09200ea26945dddff8f44431 (patch) | |
tree | 880cf272671d7f21e709e47d15dc1d96b1c327b3 /cmd/podman | |
parent | 8b9b493b539ee2985b0f4470d62d456e2288d161 (diff) | |
create, rootless: join the userns of container:CONTAINER
so that we can also join the requested namespace.
Closes: https://github.com/containers/libpod/issues/1453
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1507
Approved by: rhatdan
Diffstat (limited to 'cmd/podman')
-rw-r--r-- | cmd/podman/create.go | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 6842a9f77..134752f88 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -802,6 +802,11 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 return config, nil
 }
+type namespace interface {
+ IsContainer() bool
+ Container() string
+}
+
 func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *libpod.Runtime) (bool, int, error) {
 if os.Geteuid() == 0 {
 return false, 0, nil
@@ -833,5 +838,19 @@ func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *l
 }
 }
+ namespaces := []namespace{createConfig.IpcMode, createConfig.NetMode, createConfig.UsernsMode, createConfig.PidMode, createConfig.UtsMode}
+ for _, i := range namespaces {
+ if i.IsContainer() {
+ ctr, err := runtime.LookupContainer(i.Container())
+ if err != nil {
+ return false, -1, err
+ }
+ pid, err := ctr.PID()
+ if err != nil {
+ return false, -1, err
+ }
+ return rootless.JoinNS(uint(pid))
+ }
+ }
 return rootless.BecomeRootInUserNS()
 } |
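Review bot: The new `namespace` interface in the first hunk has no comment, so a reader cannot tell that it exists only to treat the five `*Mode` fields of the create config uniformly. A one-line comment would make that clear, for example `// namespace is the part of the IPC/net/userns/PID/UTS mode types needed to detect a container:NAME reference.`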
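Review bot: The loop over `namespaces` in the second hunk returns at the first mode that names a container, so when two modes reference different containers only the first one's user namespace is joined and the others are never examined. Consider collecting the distinct `i.Container()` values first and returning an error when there is more than one, or at least commenting that the first match in Ipc/Net/Userns/Pid/Uts order wins. Separately, `uint(pid)` is handed to `rootless.JoinNS` unchecked; if `ctr.PID()` can return 0 for a container that is not running (its body is not visible here), a guard such as `if pid <= 0 { return false, -1, fmt.Errorf("container %s is not running", i.Container()) }`, written with whichever error constructor the file already imports, would fail clearly before the join is attempted. The enclosing function begins outside this hunk, so the earlier return paths were not reviewed.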