diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-06-01 13:25:19 +0200 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-06-15 14:53:18 +0000 |
| commit | 4086a0f7371dbe5ea104dafe83aadb77b969c0ba (patch) | |
| tree | 8a83cc87f34b065a855aefc5748ee45960980b11 /libpod | |
| parent | a1ec6747f187ff2dbc1256cb5c11c5775324f2e2 (diff) | |
| download | podman-4086a0f7371dbe5ea104dafe83aadb77b969c0ba.tar.gz podman-4086a0f7371dbe5ea104dafe83aadb77b969c0ba.tar.bz2 podman-4086a0f7371dbe5ea104dafe83aadb77b969c0ba.zip | |
podman: use a different store for the rootless case
so that the user has rw access to it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_internal.go | 4 | ||||
| -rw-r--r-- | libpod/runtime.go | 35 |
2 files changed, 37 insertions, 2 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 30dbf52e6..bd0074e56 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1296,7 +1296,9 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { g.AddProcessEnv("container", "libpod") } - if c.runtime.config.CgroupManager == SystemdCgroupsManager { + if os.Getuid() != 0 { + g.SetLinuxCgroupsPath("") + } else if c.runtime.config.CgroupManager == SystemdCgroupsManager { // When runc is set to use Systemd as a cgroup manager, it // expects cgroups to be passed as follows: // slice:prefix:name diff --git a/libpod/runtime.go b/libpod/runtime.go index 05b8134b8..5d4b895cb 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -2,10 +2,12 @@ package libpod import ( "bytes" + "fmt" "io/ioutil" "os" "path/filepath" "sync" + "syscall" "github.com/BurntSushi/toml" is "github.com/containers/image/storage" @@ -164,7 +166,7 @@ var ( CgroupManager: CgroupfsCgroupsManager, HooksDir: hooks.DefaultDir, StaticDir: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"), - TmpDir: "/var/run/libpod", + TmpDir: getDefaultTmpDir(), MaxLogSize: -1, NoPivotRoot: false, CNIConfigDir: "/etc/cni/net.d/", @@ -172,6 +174,37 @@ var ( } ) +// GetRootlessRuntimeDir returns the runtime directory when running as non root +func GetRootlessRuntimeDir() string { + hasNoEnv := false + runtimeDir := os.Getenv("XDG_RUNTIME_DIR") + if runtimeDir == "" { + hasNoEnv = true + tmpDir := filepath.Join(os.TempDir(), "user", fmt.Sprintf("%d", os.Getuid())) + os.MkdirAll(tmpDir, 0700) + st, err := os.Stat(tmpDir) + if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 { + runtimeDir = tmpDir + } + } + if runtimeDir == "" { + runtimeDir = filepath.Join(os.Getenv("HOME"), "rundir") + } + if hasNoEnv { + os.Setenv("XDG_RUNTIME_DIR", runtimeDir) + } + return runtimeDir +} + +func getDefaultTmpDir() string { + if os.Getuid() == 0 { + return "/var/run/libpod" + } + + rootlessRuntimeDir := GetRootlessRuntimeDir() + return filepath.Join(rootlessRuntimeDir, "libpod", "tmp") +} + // NewRuntime creates a new container runtime // Options can be passed to override the default configuration for the runtime func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) { |