author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-03-11 10:01:25 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-11 10:01:25 -0700 |
commit | 6421208e0f6ff1fba58eafdab12e897b5ed12e3b (patch) | |
tree | d2a44ec8b92d343d675027f524738875191027d8 /pkg/adapter | |
parent | f5afe88098d8825ea63ccb63875d48edab0eb111 (diff) | |
parent | 231129e4dc083d9f63cf1876cc1695f7f8c03f25 (diff) | |
Merge pull request #2583 from giuseppe/rootless-fix-pod-rm
rootless: fix stop and rm when the container is running with uid != 0
Diffstat (limited to 'pkg/adapter')
-rw-r--r-- | pkg/adapter/runtime.go | 40 | ||||
-rw-r--r-- | pkg/adapter/runtime_remote.go | 7 |
2 files changed, 47 insertions, 0 deletions
diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go
index 732b89530..482b6119a 100644
--- a/pkg/adapter/runtime.go
+++ b/pkg/adapter/runtime.go
@@ -337,3 +337,43 @@ func IsImageNotFound(err error) bool {
 func (r *LocalRuntime) HealthCheck(c *cliconfig.HealthCheckValues) (libpod.HealthCheckStatus, error) {
 return r.Runtime.HealthCheck(c.InputArgs[0])
 }
+
+// JoinOrCreateRootlessPod joins the specified pod if it is running or it creates a new user namespace
+// if the pod is stopped
+func (r *LocalRuntime) JoinOrCreateRootlessPod(pod *Pod) (bool, int, error) {
+ if os.Geteuid() == 0 {
+ return false, 0, nil
+ }
+ opts := rootless.Opts{
+ Argument: pod.ID(),
+ }
+
+ inspect, err := pod.Inspect()
+ if err != nil {
+ return false, 0, err
+ }
+ for _, ctr := range inspect.Containers {
+ prevCtr, err := r.LookupContainer(ctr.ID)
+ if err != nil {
+ return false, -1, err
+ }
+ s, err := prevCtr.State()
+ if err != nil {
+ return false, -1, err
+ }
+ if s != libpod.ContainerStateRunning && s != libpod.ContainerStatePaused {
+ continue
+ }
+ data, err := ioutil.ReadFile(prevCtr.Config().ConmonPidFile)
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", prevCtr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ return rootless.JoinDirectUserAndMountNSWithOpts(uint(conmonPid), &opts)
+ }
+
+ return rootless.BecomeRootInUserNSWithOpts(&opts)
+}
diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go
index 10c25c3f3..9ca4e245f 100644
--- a/pkg/adapter/runtime_remote.go
+++ b/pkg/adapter/runtime_remote.go
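Review bot: In pkg/adapter/runtime.go, `uint(conmonPid)` in JoinOrCreateRootlessPod converts whatever `strconv.Atoi` returned without a range check, so a PID file holding `0` or a negative number reaches `rootless.JoinDirectUserAndMountNSWithOpts` as 0 or a very large value. Since that PID selects the process whose user and mount namespaces are joined, I would reject it first: `if conmonPid <= 0 { return false, -1, errors.Errorf("invalid conmon PID %d in %q", conmonPid, prevCtr.Config().ConmonPidFile) }`. The parse is also strict about whitespace, so a PID file ending in a newline fails with "cannot parse PID"; `strconv.Atoi(strings.TrimSpace(string(data)))` would tolerate it, assuming `strings` is imported in this file, which the hunk does not show. The `pod.Inspect()` failure returns `0` as the int where every later error path returns `-1`, which is worth making consistent.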
@@ -751,3 +751,10 @@ func IsImageNotFound(err error) bool {
 func (r *LocalRuntime) HealthCheck(c *cliconfig.HealthCheckValues) (libpod.HealthCheckStatus, error) {
 return -1, libpod.ErrNotImplemented
 }
+
+// JoinOrCreateRootlessPod joins the specified pod if it is running or it creates a new user namespace
+// if the pod is stopped
+func (r *LocalRuntime) JoinOrCreateRootlessPod(pod *Pod) (bool, int, error) {
+ // Nothing to do in the remote case
+ return true, 0, nil
+}
|
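Review bot: The remote stub returns `true, 0, nil` for its nothing-to-do case, while the local implementation in pkg/adapter/runtime.go returns `false, 0, nil` when it has nothing to do (the `os.Geteuid() == 0` branch). The doc comment does not say what the bool and int results mean; if the bool reports that a namespace was joined or created, as the local code path suggests, `return false, 0, nil` looks like the intended value here. Either way the comment should state the contract, for example `// It returns whether a namespace was joined or created, the exit code to propagate, and any error.`, once that is confirmed against the callers, which are outside this diff.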