author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-12-19 18:08:15 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-12-21 09:46:06 +0100 |
commit | d389ac45e5b7208bbfb776d6724223f3bffb3e1b (patch) | |
tree | 9f217845aba0d1888239066ac48c097fc8eac7e1 /cmd | |
parent | f2e96b0934a6d1b3aac8a1d931e790c6226dd4e0 (diff) | |
export: fix usage with rootless containers
Fix usage of export when rootless containers are used without vfs. We
join the conmon process namespaces as the container is running in a
different one.
There can be a problem if the user specifies a different path for the
conmon process, and then the file is deleted. In this case podman
won't be able to find the conmon process to join.
Closes: https://github.com/containers/libpod/issues/2027
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/podman/export.go | 39 | ||||
-rw-r--r-- | cmd/podman/main.go | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/cmd/podman/export.go b/cmd/podman/export.go
index 667b8d012..c0e63bd2a 100644
--- a/cmd/podman/export.go
+++ b/cmd/podman/export.go
@@ -1,9 +1,13 @@
 package main
 import (
+ "io/ioutil"
 "os"
+ "strconv"
 "github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 "github.com/urfave/cli"
@@ -35,6 +39,9 @@ func exportCmd(c *cli.Context) error {
 if err := validateFlags(c, exportFlags); err != nil {
 return err
 }
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
 runtime, err := libpodruntime.GetRuntime(c)
 if err != nil {
@@ -66,5 +73,37 @@ func exportCmd(c *cli.Context) error {
 return errors.Wrapf(err, "error looking up container %q", args[0])
 }
+ if os.Geteuid() != 0 {
+ state, err := ctr.State()
+ if err != nil {
+ return errors.Wrapf(err, "cannot read container state %q", ctr.ID())
+ }
+ if state == libpod.ContainerStateRunning || state == libpod.ContainerStatePaused {
+ data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+ if err != nil {
+ return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ became, ret, err := rootless.JoinDirectUserAndMountNS(uint(conmonPid))
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ } else {
+ became, ret, err := rootless.BecomeRootInUserNS()
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+ }
+
 return ctr.Export(output)
 }
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index f47a75761..7ef22a93b 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
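Review bot: The added `os.Geteuid() != 0` branch in the second export.go hunk calls `rootless.SetSkipStorageSetup(true)` without a comment, and the reason only becomes apparent in the last hunk of the file, where the process joins or creates a user namespace before `ctr.Export`. A short comment such as `// rootless: storage is set up only after we are inside the user namespace (see below)` would tie the two euid checks together; that reading is inferred from the later hunk and should be confirmed. exportCmd begins and continues outside this hunk.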
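Review bot: The number parsed from the conmon PID file is passed on as `uint(conmonPid)` with no range check in the last export.go hunk, so a zero or negative value in the file reaches `rootless.JoinDirectUserAndMountNS` as 0 or as a very large PID. A guard before the call, `if conmonPid <= 0 { return errors.Errorf("invalid conmon PID %d in %q", conmonPid, ctr.Config().ConmonPidFile) }`, would reject it with a clear message. The PID is also trusted solely because the recorded state is running or paused; if conmon has exited and the number has been reused, the join would target an unrelated process, so it is worth confirming the PID still belongs to this container's conmon before joining its namespaces. `strconv.Atoi(string(data))` additionally fails on any trailing newline, which is acceptable only if conmon is known never to write one. The `became`/`os.Exit(ret)` handling is repeated in both branches and could be hoisted below the `if`/`else`; exportCmd starts outside this hunk.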
@@ -30,6 +30,7 @@ var cmdsNotRequiringRootless = map[string]bool{
 "version": true,
 "create": true,
 "exec": true,
+ "export": true,
 // `info` must be executed in an user namespace.
 // If this change, please also update libpod.refreshRootless()
 "login": true, |