authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-04-04 09:21:09 -0700
committerGitHub <noreply@github.com>2019-04-04 09:21:09 -0700
commit1759eb09e1c13bc8392d515d69ca93226d067c73 (patch)
treec769a191ec8cfb779a76ebcbc2e8638dbd56f549 /libpod
parent71555a9ea015ebc1bf872a502d254e0b903ffcb4 (diff)
parent72382a12a7b5ac85e53474dfd6dcd83cd64a2738 (diff)
Merge pull request #2706 from giuseppe/rootless-single-usernamespace
rootless: single user namespace
Diffstat (limited to 'libpod')
-rw-r--r--libpod/runtime.go30
-rw-r--r--libpod/runtime_ctr.go33
2 files changed, 3 insertions, 60 deletions
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 6e54de558..4dd2707e8 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -4,7 +4,6 @@ import (
"fmt"
"io/ioutil"
"os"
- "os/exec"
"path/filepath"
"sync"
"syscall"
@@ -742,7 +741,7 @@ func makeRuntime(runtime *Runtime) (err error) {
// Set up containers/storage
var store storage.Store
- if rootless.SkipStorageSetup() {
+ if os.Geteuid() != 0 {
logrus.Debug("Not configuring container store")
} else {
store, err = storage.GetStore(runtime.config.StorageConfig)
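Review bot: The new condition `if os.Geteuid() != 0 {` gives no reason why a non-root effective UID means the container store must not be opened, and the helper name `rootless.SkipStorageSetup()` that used to carry that meaning is gone. If the intent (going by the commit title) is that such a process has not yet entered the single rootless user namespace, a comment above the check should say so, for example `// euid != 0: not yet inside the rootless user namespace, so the store cannot be opened here`. The debug message `"Not configuring container store"` would also be more useful in a trace if it named that reason. In this branch `store` keeps its zero value, and makeRuntime continues past the end of the hunk, so any later use of it there has to tolerate an unconfigured store.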
@@ -926,16 +925,8 @@ func makeRuntime(runtime *Runtime) (err error) {
// If we need to refresh the state, do it now - things are guaranteed to
// be set up by now.
if doRefresh {
- if os.Geteuid() != 0 {
- aliveLock.Unlock()
- locked = false
- if err2 := runtime.refreshRootless(); err2 != nil {
- return err2
- }
- } else {
- if err2 := runtime.refresh(runtimeAliveFile); err2 != nil {
- return err2
- }
+ if err2 := runtime.refresh(runtimeAliveFile); err2 != nil {
+ return err2
}
}
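Review bot: `runtime.refresh(runtimeAliveFile)` is now reached by every caller that has `doRefresh` set, including a process whose effective UID is not 0, and for that process the earlier hunk in this file skips `storage.GetStore`. Whether refresh touches the store is not visible here, so this is a question rather than a confirmed defect. If a non-root process is never expected to get this far, a comment at the call would record that invariant, e.g. `// only reached with euid 0 (real root or inside the rootless user namespace)`. The removed branch also released `aliveLock` and cleared `locked` before refreshing, so it is worth confirming that the refresh is now meant to run with the lock held in the rootless case. makeRuntime starts and ends outside the hunk.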
@@ -1009,21 +1000,6 @@ func (r *Runtime) Shutdown(force bool) error {
return lastError
}
-// Reconfigures the runtime after a reboot for a rootless process
-func (r *Runtime) refreshRootless() error {
- // Take advantage of a command that requires a new userns
- // so that we are running as the root user and able to use refresh()
- cmd := exec.Command(os.Args[0], "info")
-
- if output, err := cmd.CombinedOutput(); err != nil {
- if _, ok := err.(*exec.ExitError); !ok {
- return errors.Wrapf(err, "Error waiting for info while refreshing state: %s", os.Args[0])
- }
- return errors.Wrapf(err, "Error running %s info while refreshing state: %s", os.Args[0], output)
- }
- return nil
-}
-
// Reconfigures the runtime after a reboot
// Refreshes the state, recreating temporary files
// Does not check validity as the runtime is not valid until after this has run
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 506aee477..da2399685 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -2,11 +2,9 @@ package libpod
import (
"context"
- "io/ioutil"
"os"
"path"
"path/filepath"
- "strconv"
"strings"
"time"
@@ -564,37 +562,6 @@ func (r *Runtime) Export(name string, path string) error {
if err != nil {
return err
}
- if os.Geteuid() != 0 {
- state, err := ctr.State()
- if err != nil {
- return errors.Wrapf(err, "cannot read container state %q", ctr.ID())
- }
- if state == ContainerStateRunning || state == ContainerStatePaused {
- data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
- if err != nil {
- return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
- }
- conmonPid, err := strconv.Atoi(string(data))
- if err != nil {
- return errors.Wrapf(err, "cannot parse PID %q", data)
- }
- became, ret, err := rootless.JoinDirectUserAndMountNS(uint(conmonPid))
- if err != nil {
- return err
- }
- if became {
- os.Exit(ret)
- }
- } else {
- became, ret, err := rootless.BecomeRootInUserNS()
- if err != nil {
- return err
- }
- if became {
- os.Exit(ret)
- }
- }
- }
return ctr.Export(path)
}