diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2021-05-13 08:45:29 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2021-05-19 07:55:48 -0400 |
commit | bc0e12a047cce2cc717320257545663073383f48 (patch) | |
tree | ca6e4710bd3b6894c736b33f45199bd9519f012d /libpod/container_copy_linux.go | |
parent | 18efc5a3a78ba7352e42517ba251212833b4583d (diff) | |
download | podman-bc0e12a047cce2cc717320257545663073383f48.tar.gz podman-bc0e12a047cce2cc717320257545663073383f48.tar.bz2 podman-bc0e12a047cce2cc717320257545663073383f48.zip |
Fix problem copying files when container is in host pid namespace
When attempting to copy files into and out of running containers
within the host pidnamespace, the code was attempting to join the
host pidns again, and getting an error. This was causing the podman
cp command to fail. Since we are already in the host pid namespace,
we should not be attempting to join. This PR adds a check to see if
the container is in NOT host pid namespace, and only then attempts to
join.
Fixes: https://github.com/containers/podman/issues/9985
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod/container_copy_linux.go')
-rw-r--r-- | libpod/container_copy_linux.go | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/libpod/container_copy_linux.go b/libpod/container_copy_linux.go index 5c275c641..0ab322829 100644 --- a/libpod/container_copy_linux.go +++ b/libpod/container_copy_linux.go @@ -237,21 +237,32 @@ func (c *Container) joinMountAndExec(ctx context.Context, f func() error) error } defer mountFD.Close() - pidFD, err := getFD(PIDNS) + inHostPidNS, err := c.inHostPidNS() if err != nil { - errChan <- err + errChan <- errors.Wrap(err, "checking inHostPidNS") return } - defer pidFD.Close() - if err := unix.Unshare(unix.CLONE_NEWNS); err != nil { - errChan <- err - return + var pidFD *os.File + if !inHostPidNS { + pidFD, err = getFD(PIDNS) + if err != nil { + errChan <- err + return + } + defer pidFD.Close() } - if err := unix.Setns(int(pidFD.Fd()), unix.CLONE_NEWPID); err != nil { + + if err := unix.Unshare(unix.CLONE_NEWNS); err != nil { errChan <- err return } + if pidFD != nil { + if err := unix.Setns(int(pidFD.Fd()), unix.CLONE_NEWPID); err != nil { + errChan <- err + return + } + } if err := unix.Setns(int(mountFD.Fd()), unix.CLONE_NEWNS); err != nil { errChan <- err return |