aboutsummaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorJhon Honce <jhonce@redhat.com>2020-04-30 12:14:57 -0700
committerJhon Honce <jhonce@redhat.com>2020-04-30 12:14:57 -0700
commit399939a3de0740054d7d0f9fc97ab2466beb9916 (patch)
treec31b1b3cb55cec1ebea76841378c334a06e4c5c2 /cmd/podman
parent6900517f109d78ed5a9b794666b7d97782cf6ce9 (diff)
downloadpodman-399939a3de0740054d7d0f9fc97ab2466beb9916.tar.gz
podman-399939a3de0740054d7d0f9fc97ab2466beb9916.tar.bz2
podman-399939a3de0740054d7d0f9fc97ab2466beb9916.zip
V2 Commands that require ParentNS (rootful) are report error
* Updated unmount to require ParentNS Signed-off-by: Jhon Honce <jhonce@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/containers/unmount.go3
-rw-r--r--cmd/podman/main.go11
2 files changed, 14 insertions, 0 deletions
diff --git a/cmd/podman/containers/unmount.go b/cmd/podman/containers/unmount.go
index a4550abbd..7b6eb5553 100644
--- a/cmd/podman/containers/unmount.go
+++ b/cmd/podman/containers/unmount.go
@@ -27,6 +27,9 @@ var (
Args: func(cmd *cobra.Command, args []string) error {
return parse.CheckAllLatestAndCIDFile(cmd, args, false, false)
},
+ Annotations: map[string]string{
+ registry.ParentNSRequired: "",
+ },
Example: `podman umount ctrID
podman umount ctrID1 ctrID2 ctrID3
podman umount --all`,
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 481214a38..3a8958b6d 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -1,6 +1,7 @@
package main
import (
+ "fmt"
"os"
_ "github.com/containers/libpod/cmd/podman/containers"
@@ -12,7 +13,9 @@ import (
"github.com/containers/libpod/cmd/podman/registry"
_ "github.com/containers/libpod/cmd/podman/system"
_ "github.com/containers/libpod/cmd/podman/volumes"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage/pkg/reexec"
+ "github.com/spf13/cobra"
)
func main() {
@@ -26,6 +29,14 @@ func main() {
for _, c := range registry.Commands {
for _, m := range c.Mode {
if cfg.EngineMode == m {
+ // Command cannot be run rootless
+ _, found := c.Command.Annotations[registry.ParentNSRequired]
+ if rootless.IsRootless() && found {
+ c.Command.RunE = func(cmd *cobra.Command, args []string) error {
+ return fmt.Errorf("cannot `%s` in rootless mode", cmd.CommandPath())
+ }
+ }
+
parent := rootCmd
if c.Parent != nil {
parent = c.Parent