authorGiuseppe Scrivano <gscrivan@redhat.com>2018-06-11 16:03:34 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-06-27 14:07:17 +0000
commit5ff90677c83b78366554493e10f7615119f7e0a1 (patch)
tree094685755b891f5813a458cfadb5374e68f732fb /libpod
parent8ee8f847340c3ac2264e183655fb7cdcbbfbb2cd (diff)
rootless: add management for the userNS
When running podman as a non-root user, always create a userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal.go23
-rw-r--r--libpod/runtime.go5
2 files changed, 13 insertions, 15 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 6531d5de0..3d94fa871 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -29,6 +29,7 @@ import (
"github.com/projectatomic/libpod/pkg/chrootuser"
"github.com/projectatomic/libpod/pkg/hooks"
"github.com/projectatomic/libpod/pkg/hooks/exec"
+ "github.com/projectatomic/libpod/pkg/rootless"
"github.com/projectatomic/libpod/pkg/secrets"
"github.com/projectatomic/libpod/pkg/util"
"github.com/sirupsen/logrus"
@@ -235,7 +236,7 @@ func (c *Container) setupStorage(ctx context.Context) error {
return errors.Wrapf(err, "error creating container storage")
}
- if os.Getuid() == 0 && (len(c.config.IDMappings.UIDMap) != 0 || len(c.config.IDMappings.GIDMap) != 0) {
+ if !rootless.IsRootless() && (len(c.config.IDMappings.UIDMap) != 0 || len(c.config.IDMappings.GIDMap) != 0) {
info, err := os.Stat(c.runtime.config.TmpDir)
if err != nil {
return errors.Wrapf(err, "cannot stat `%s`", c.runtime.config.TmpDir)
@@ -531,7 +532,7 @@ func (c *Container) completeNetworkSetup() error {
if !c.config.PostConfigureNetNS {
return nil
}
- if os.Getuid() != 0 {
+ if rootless.IsRootless() {
return nil
}
if err := c.syncContainer(); err != nil {
@@ -734,7 +735,7 @@ func (c *Container) mountStorage() (err error) {
return nil
}
- if os.Getuid() == 0 {
+ if !rootless.IsRootless() {
// TODO: generalize this mount code so it will mount every mount in ctr.config.Mounts
mounted, err := mount.Mounted(c.config.ShmDir)
if err != nil {
@@ -1004,10 +1005,8 @@ func (c *Container) postDeleteHooks(ctx context.Context) (err error) {
// Make standard bind mounts to include in the container
func (c *Container) makeBindMounts() error {
- if os.Getuid() == 0 {
- if err := os.Chown(c.state.RunDir, c.RootUID(), c.RootGID()); err != nil {
- return errors.Wrapf(err, "cannot chown run directory %s", c.state.RunDir)
- }
+ if err := os.Chown(c.state.RunDir, c.RootUID(), c.RootGID()); err != nil {
+ return errors.Wrapf(err, "cannot chown run directory %s", c.state.RunDir)
}
if c.state.BindMounts == nil {
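Review bot: The `os.Chown(c.state.RunDir, c.RootUID(), c.RootGID())` call now runs unconditionally, so in rootless mode it returns EPERM unless the process is already inside the newly created user namespace (or `c.RootUID()`/`c.RootGID()` resolve to ids the calling user owns) — the removed `os.Getuid() == 0` guard tolerated exactly that case. The commit message states that a userNS is always created when rootless, but nothing in this hunk establishes that makeBindMounts executes inside it, so that invariant should either be documented at the call site or the chown should tolerate the failure when `rootless.IsRootless()`. The same applies to the `f.Chown(c.RootUID(), c.RootGID())` call in writeStringToRundir in the following hunk. A comment such as `// When rootless, we are already inside the user namespace, so RootUID()/RootGID() are chown-able here` above the call would record the assumption for the next reader. The body of makeBindMounts continues beyond the hunk.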
@@ -1084,10 +1083,8 @@ func (c *Container) writeStringToRundir(destFile, output string) (string, error)
return "", errors.Wrapf(err, "unable to create %s", destFileName)
}
defer f.Close()
- if os.Getuid() == 0 {
- if err := f.Chown(c.RootUID(), c.RootGID()); err != nil {
- return "", err
- }
+ if err := f.Chown(c.RootUID(), c.RootGID()); err != nil {
+ return "", err
}
if _, err := f.WriteString(output); err != nil {
@@ -1249,7 +1246,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
var err error
- if os.Getuid() == 0 {
+ if !rootless.IsRootless() {
if c.state.ExtensionStageHooks, err = c.setupOCIHooks(ctx, &g); err != nil {
return nil, errors.Wrapf(err, "error setting up OCI Hooks")
}
@@ -1361,7 +1358,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
g.AddProcessEnv("container", "libpod")
}
- if os.Getuid() != 0 {
+ if rootless.IsRootless() {
g.SetLinuxCgroupsPath("")
} else if c.runtime.config.CgroupManager == SystemdCgroupsManager {
// When runc is set to use Systemd as a cgroup manager, it
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 21dd9d024..338a2b436 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -19,6 +19,7 @@ import (
"github.com/projectatomic/libpod/libpod/image"
"github.com/projectatomic/libpod/pkg/hooks"
sysreg "github.com/projectatomic/libpod/pkg/registries"
+ "github.com/projectatomic/libpod/pkg/rootless"
"github.com/sirupsen/logrus"
"github.com/ulule/deepcopier"
)
@@ -197,7 +198,7 @@ func GetRootlessRuntimeDir() string {
}
func getDefaultTmpDir() string {
- if os.Getuid() == 0 {
+ if !rootless.IsRootless() {
return "/var/run/libpod"
}
@@ -216,7 +217,7 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
configPath := ConfigPath
foundConfig := true
- if os.Getuid() != 0 {
+ if rootless.IsRootless() {
foundConfig = false
} else if _, err := os.Stat(OverrideConfigPath); err == nil {
// Use the override configuration path