diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-09-23 21:15:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-23 21:15:26 +0200 |
commit | f5951c7305306967a89de09d957ccd5699ec3f85 (patch) | |
tree | 2a68b480d48c7e230a81db1053e8c1a6f4128513 /libpod | |
parent | a74dfdadd7cc02959c2a142658bedabdc4a607a3 (diff) | |
parent | 497678d9e348d10027b0b71de41a6aea11e5aba2 (diff) | |
download | podman-f5951c7305306967a89de09d957ccd5699ec3f85.tar.gz podman-f5951c7305306967a89de09d957ccd5699ec3f85.tar.bz2 podman-f5951c7305306967a89de09d957ccd5699ec3f85.zip |
Merge pull request #4074 from giuseppe/override-etc-passwd-group
execuser: look at the source for /etc/{passwd,group} overrides
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_internal_linux.go | 27 | ||||
-rw-r--r-- | libpod/oci_internal_linux.go | 22 |
2 files changed, 44 insertions, 5 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 355b9bea4..230b5b888 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -181,6 +181,30 @@ func (c *Container) cleanupNetwork() error { return nil } +func (c *Container) getUserOverrides() *lookup.Overrides { + var hasPasswdFile, hasGroupFile bool + overrides := lookup.Overrides{} + for _, m := range c.config.Spec.Mounts { + if m.Destination == "/etc/passwd" { + overrides.ContainerEtcPasswdPath = m.Source + hasPasswdFile = true + } + if m.Destination == "/etc/group" { + overrides.ContainerEtcGroupPath = m.Source + hasGroupFile = true + } + if m.Destination == "/etc" { + if !hasPasswdFile { + overrides.ContainerEtcPasswdPath = filepath.Join(m.Source, "passwd") + } + if !hasGroupFile { + overrides.ContainerEtcGroupPath = filepath.Join(m.Source, "group") + } + } + } + return &overrides +} + // Generate spec for a container // Accepts a map of the container's dependencies func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { @@ -188,7 +212,8 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { span.SetTag("type", "container") defer span.Finish() - execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, c.config.User, nil) + overrides := c.getUserOverrides() + execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, c.config.User, overrides) if err != nil { return nil, err } diff --git a/libpod/oci_internal_linux.go b/libpod/oci_internal_linux.go index 4df1e4010..a90af32ed 100644 --- a/libpod/oci_internal_linux.go +++ b/libpod/oci_internal_linux.go @@ -200,13 +200,16 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se pspec.Cwd = cwd } + + overrides := c.getUserOverrides() + execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, user, overrides) + if err != nil { + return nil, err + } + // If user was set, look it up in the container to get a UID to use on // the host if user != "" { - execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, user, nil) - if err != nil { - return nil, err - } sgids := make([]uint32, 0, len(execUser.Sgids)) for _, sgid := range execUser.Sgids { sgids = append(sgids, uint32(sgid)) @@ -220,6 +223,17 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se pspec.User = processUser } + hasHomeSet := false + for _, s := range pspec.Env { + if strings.HasPrefix(s, "HOME=") { + hasHomeSet = true + break + } + } + if !hasHomeSet { + pspec.Env = append(pspec.Env, fmt.Sprintf("HOME=%s", execUser.Home)) + } + processJSON, err := json.Marshal(pspec) if err != nil { return nil, err |