diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-06-02 20:51:13 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-06-02 20:51:13 +0200 |
| commit | c4ccd7cbc1509bab6183c47f740cbf2cc4ee0424 (patch) | |
| tree | e93a98054a8cb3f956aaf94b96705371f80cbdcc /cmd | |
| parent | 37ac21ff085b6e17adec3c0d9945524aa41029ae (diff) | |
| parent | 77e4b077b9d8989b1300689103a5489bd1ad9a8b (diff) | |
| download | podman-c4ccd7cbc1509bab6183c47f740cbf2cc4ee0424.tar.gz podman-c4ccd7cbc1509bab6183c47f740cbf2cc4ee0424.tar.bz2 podman-c4ccd7cbc1509bab6183c47f740cbf2cc4ee0424.zip | |
Merge pull request #6435 from QiWang19/uid
check --user range for rootless containers
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/podman/containers/run.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go index 890c6e827..8a02c63c0 100644 --- a/cmd/podman/containers/run.go +++ b/cmd/podman/containers/run.go @@ -3,6 +3,7 @@ package containers import ( "fmt" "os" + "strconv" "strings" "github.com/containers/libpod/cmd/podman/common" @@ -10,7 +11,9 @@ import ( "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/domain/entities" "github.com/containers/libpod/pkg/errorhandling" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/specgen" + "github.com/containers/libpod/pkg/util" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -92,6 +95,15 @@ func run(cmd *cobra.Command, args []string) error { return err } + if rootless.IsRootless() && !registry.IsRemote() { + userspec := strings.SplitN(cliVals.User, ":", 2)[0] + if uid, err := strconv.ParseInt(userspec, 10, 32); err == nil { + if err := util.CheckRootlessUIDRange(int(uid)); err != nil { + return err + } + } + } + if af := cliVals.Authfile; len(af) > 0 { if _, err := os.Stat(af); err != nil { return errors.Wrapf(err, "error checking authfile path %s", af) |