summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2018-09-19 10:12:36 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-09-21 10:13:39 +0000
commit1c73404fe142e7ac09200ea26945dddff8f44431 (patch)
tree880cf272671d7f21e709e47d15dc1d96b1c327b3 /cmd/podman
parent8b9b493b539ee2985b0f4470d62d456e2288d161 (diff)
downloadpodman-1c73404fe142e7ac09200ea26945dddff8f44431.tar.gz
podman-1c73404fe142e7ac09200ea26945dddff8f44431.tar.bz2
podman-1c73404fe142e7ac09200ea26945dddff8f44431.zip
create, rootless: join the userns of container:CONTAINER
so that we can also join the requested namespace. Closes: https://github.com/containers/libpod/issues/1453 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1507 Approved by: rhatdan
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/create.go19
1 files changed, 19 insertions, 0 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 6842a9f77..134752f88 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -802,6 +802,11 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
return config, nil
}
+type namespace interface {
+ IsContainer() bool
+ Container() string
+}
+
func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *libpod.Runtime) (bool, int, error) {
if os.Geteuid() == 0 {
return false, 0, nil
@@ -833,5 +838,19 @@ func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *l
}
}
+ namespaces := []namespace{createConfig.IpcMode, createConfig.NetMode, createConfig.UsernsMode, createConfig.PidMode, createConfig.UtsMode}
+ for _, i := range namespaces {
+ if i.IsContainer() {
+ ctr, err := runtime.LookupContainer(i.Container())
+ if err != nil {
+ return false, -1, err
+ }
+ pid, err := ctr.PID()
+ if err != nil {
+ return false, -1, err
+ }
+ return rootless.JoinNS(uint(pid))
+ }
+ }
return rootless.BecomeRootInUserNS()
}