diff options
| author | openshift-ci[bot] <75433959+openshift-ci[bot]@users.noreply.github.com> | 2022-06-29 19:32:26 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-29 19:32:26 +0000 |
| commit | d6cdb996bce10eb050e41b2050aaf52d9bfd3bd0 (patch) | |
| tree | 1d1f7c41596c1af686f51a8bca4711f43197ad89 /cmd/podman | |
| parent | 35aa994d124675a039c89f65fb4b1c684b79b89e (diff) | |
| parent | d9ff0fd15da268fae9744a60522ecdf94744b74a (diff) | |
| download | podman-d6cdb996bce10eb050e41b2050aaf52d9bfd3bd0.tar.gz podman-d6cdb996bce10eb050e41b2050aaf52d9bfd3bd0.tar.bz2 podman-d6cdb996bce10eb050e41b2050aaf52d9bfd3bd0.zip | |
Merge pull request #14706 from ashley-cui/rootmach
Only allow Rootless runs of Podman Machine
Diffstat (limited to 'cmd/podman')
| -rw-r--r-- | cmd/podman/machine/init.go | 1 | ||||
| -rw-r--r-- | cmd/podman/machine/inspect.go | 1 | ||||
| -rw-r--r-- | cmd/podman/machine/list.go | 1 | ||||
| -rw-r--r-- | cmd/podman/machine/machine.go | 9 | ||||
| -rw-r--r-- | cmd/podman/machine/rm.go | 1 | ||||
| -rw-r--r-- | cmd/podman/machine/set.go | 1 | ||||
| -rw-r--r-- | cmd/podman/machine/ssh.go | 9 | ||||
| -rw-r--r-- | cmd/podman/machine/start.go | 1 | ||||
| -rw-r--r-- | cmd/podman/machine/stop.go | 1 |
9 files changed, 21 insertions, 4 deletions
diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go index 9d464ad37..f9ba7b30d 100644 --- a/cmd/podman/machine/init.go +++ b/cmd/podman/machine/init.go @@ -20,6 +20,7 @@ var ( Use: "init [options] [NAME]", Short: "Initialize a virtual machine", Long: "initialize a virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: initMachine, Args: cobra.MaximumNArgs(1), Example: `podman machine init myvm`, diff --git a/cmd/podman/machine/inspect.go b/cmd/podman/machine/inspect.go index 4600a2b6d..d69c382f2 100644 --- a/cmd/podman/machine/inspect.go +++ b/cmd/podman/machine/inspect.go @@ -20,6 +20,7 @@ var ( Use: "inspect [options] [MACHINE...]", Short: "Inspect an existing machine", Long: "Provide details on a managed virtual machine", + PersistentPreRunE: rootlessOnly, RunE: inspect, Example: `podman machine inspect myvm`, ValidArgsFunction: autocompleteMachine, diff --git a/cmd/podman/machine/list.go b/cmd/podman/machine/list.go index 1ffb8690c..f904c0caa 100644 --- a/cmd/podman/machine/list.go +++ b/cmd/podman/machine/list.go @@ -27,6 +27,7 @@ var ( Aliases: []string{"ls"}, Short: "List machines", Long: "List managed virtual machines.", + PersistentPreRunE: rootlessOnly, RunE: list, Args: validate.NoArgs, ValidArgsFunction: completion.AutocompleteNone, diff --git a/cmd/podman/machine/machine.go b/cmd/podman/machine/machine.go index 5a8a06b9d..d3d44b45e 100644 --- a/cmd/podman/machine/machine.go +++ b/cmd/podman/machine/machine.go @@ -5,6 +5,7 @@ package machine import ( "errors" + "fmt" "net" "os" "path/filepath" @@ -17,6 +18,7 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/pkg/machine" + "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/pkg/util" "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -162,3 +164,10 @@ func closeMachineEvents(cmd *cobra.Command, _ []string) error { } return nil } + +func rootlessOnly(cmd *cobra.Command, args []string) error { + if !rootless.IsRootless() { + return fmt.Errorf("cannot run command %q as root", cmd.CommandPath()) + } + return nil +} diff --git a/cmd/podman/machine/rm.go b/cmd/podman/machine/rm.go index a6e66265c..362c9a7d3 100644 --- a/cmd/podman/machine/rm.go +++ b/cmd/podman/machine/rm.go @@ -20,6 +20,7 @@ var ( Use: "rm [options] [MACHINE]", Short: "Remove an existing machine", Long: "Remove a managed virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: rm, Args: cobra.MaximumNArgs(1), Example: `podman machine rm myvm`, diff --git a/cmd/podman/machine/set.go b/cmd/podman/machine/set.go index 5777882da..1b9e1b2bd 100644 --- a/cmd/podman/machine/set.go +++ b/cmd/podman/machine/set.go @@ -18,6 +18,7 @@ var ( Use: "set [options] [NAME]", Short: "Sets a virtual machine setting", Long: "Sets an updatable virtual machine setting", + PersistentPreRunE: rootlessOnly, RunE: setMachine, Args: cobra.MaximumNArgs(1), Example: `podman machine set --rootful=false`, diff --git a/cmd/podman/machine/ssh.go b/cmd/podman/machine/ssh.go index 8261f3607..38b8914fb 100644 --- a/cmd/podman/machine/ssh.go +++ b/cmd/podman/machine/ssh.go @@ -17,10 +17,11 @@ import ( var ( sshCmd = &cobra.Command{ - Use: "ssh [options] [NAME] [COMMAND [ARG ...]]", - Short: "SSH into an existing machine", - Long: "SSH into a managed virtual machine ", - RunE: ssh, + Use: "ssh [options] [NAME] [COMMAND [ARG ...]]", + Short: "SSH into an existing machine", + Long: "SSH into a managed virtual machine ", + PersistentPreRunE: rootlessOnly, + RunE: ssh, Example: `podman machine ssh myvm podman machine ssh myvm echo hello`, ValidArgsFunction: autocompleteMachineSSH, diff --git a/cmd/podman/machine/start.go b/cmd/podman/machine/start.go index 3bd7f4a25..e645bba87 100644 --- a/cmd/podman/machine/start.go +++ b/cmd/podman/machine/start.go @@ -18,6 +18,7 @@ var ( Use: "start [MACHINE]", Short: "Start an existing machine", Long: "Start a managed virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: start, Args: cobra.MaximumNArgs(1), Example: `podman machine start myvm`, diff --git a/cmd/podman/machine/stop.go b/cmd/podman/machine/stop.go index 993662792..ce87a44c4 100644 --- a/cmd/podman/machine/stop.go +++ b/cmd/podman/machine/stop.go @@ -17,6 +17,7 @@ var ( Use: "stop [MACHINE]", Short: "Stop an existing machine", Long: "Stop a managed virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: stop, Args: cobra.MaximumNArgs(1), Example: `podman machine stop myvm`, |