authorGiuseppe Scrivano <gscrivan@redhat.com>2018-12-19 18:08:15 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2018-12-21 09:46:06 +0100
commitd389ac45e5b7208bbfb776d6724223f3bffb3e1b (patch)
tree9f217845aba0d1888239066ac48c097fc8eac7e1 /cmd/podman
parentf2e96b0934a6d1b3aac8a1d931e790c6226dd4e0 (diff)
export: fix usage with rootless containers
Fix usage of export when rootless containers are used without vfs. We join the conmon process namespaces as the container is running in a different one. There can be a problem if the user specifies a different path for the conmon process, and then the file is deleted. In this case podman won't be able to find the conmon process to join. Closes: https://github.com/containers/libpod/issues/2027 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/export.go39
-rw-r--r--cmd/podman/main.go1
2 files changed, 40 insertions, 0 deletions
diff --git a/cmd/podman/export.go b/cmd/podman/export.go
index 667b8d012..c0e63bd2a 100644
--- a/cmd/podman/export.go
+++ b/cmd/podman/export.go
@@ -1,9 +1,13 @@
package main
import (
+ "io/ioutil"
"os"
+ "strconv"
"github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
@@ -35,6 +39,9 @@ func exportCmd(c *cli.Context) error {
if err := validateFlags(c, exportFlags); err != nil {
return err
}
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
runtime, err := libpodruntime.GetRuntime(c)
if err != nil {
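Review bot: The `rootless.SetSkipStorageSetup(true)` call added before `libpodruntime.GetRuntime(c)` has no comment saying why storage setup is skipped for a non-root caller; the reason only becomes visible in the later hunk, where the command joins a user namespace itself. A short comment such as `// Rootless: skip storage setup here; exportCmd joins the user namespace itself before exporting.` would make the ordering dependency explicit. The setter looks process-wide and is not reset in the visible lines, which is presumably fine for a one-shot command but worth confirming. exportCmd starts before and continues after this hunk.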
@@ -66,5 +73,37 @@ func exportCmd(c *cli.Context) error {
return errors.Wrapf(err, "error looking up container %q", args[0])
}
+ if os.Geteuid() != 0 {
+ state, err := ctr.State()
+ if err != nil {
+ return errors.Wrapf(err, "cannot read container state %q", ctr.ID())
+ }
+ if state == libpod.ContainerStateRunning || state == libpod.ContainerStatePaused {
+ data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+ if err != nil {
+ return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ became, ret, err := rootless.JoinDirectUserAndMountNS(uint(conmonPid))
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ } else {
+ became, ret, err := rootless.BecomeRootInUserNS()
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+ }
+
return ctr.Export(output)
}
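Review bot: The number parsed from the conmon PID file is passed to `rootless.JoinDirectUserAndMountNS(uint(conmonPid))` without a range check, so a zero is passed through and a negative value wraps to a very large unsigned PID instead of being rejected. The file's path comes from `ctr.Config().ConmonPidFile`, which the commit message says the user can set, so its content should be treated as unverified input. Adding `if conmonPid <= 0 { return errors.Errorf("invalid conmon PID %d in %q", conmonPid, ctr.Config().ConmonPidFile) }` after the `strconv.Atoi` error check would fail early with a clear message. `strconv.Atoi(string(data))` also rejects a trailing newline; if the file can ever carry one, `strconv.Atoi(strings.TrimSpace(string(data)))` (with the `strings` import) avoids a spurious error. A stale file could presumably name a PID that has since been reused by another process; whether the join helper verifies the target is not visible here, and exportCmd begins before this hunk.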
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index f47a75761..7ef22a93b 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -30,6 +30,7 @@ var cmdsNotRequiringRootless = map[string]bool{
"version": true,
"create": true,
"exec": true,
+ "export": true,
// `info` must be executed in an user namespace.
// If this change, please also update libpod.refreshRootless()
"login": true,