diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-11-08 16:19:57 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-08 16:19:57 +0100 |
commit | c9ba1fb7d4565365ee4ad4f852cce13f2072574e (patch) | |
tree | a8cd0830f2c2c351ce87e376718360edee53f1d1 /pkg/domain/infra/abi | |
parent | a58c0bb39ada24ea21204702d07117bf24d24156 (diff) | |
parent | ffa5ed0e0e00f79a1f3b6a88bf9efce3dbb19207 (diff) | |
download | podman-c9ba1fb7d4565365ee4ad4f852cce13f2072574e.tar.gz podman-c9ba1fb7d4565365ee4ad4f852cce13f2072574e.tar.bz2 podman-c9ba1fb7d4565365ee4ad4f852cce13f2072574e.zip |
Merge pull request #11958 from cdoern/scp
Podman Image SCP rootful to rootless transfer
Diffstat (limited to 'pkg/domain/infra/abi')
-rw-r--r-- | pkg/domain/infra/abi/images.go | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index 7aa202334..5c0227986 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -6,9 +6,12 @@ import ( "io/ioutil" "net/url" "os" + "os/exec" + "os/user" "path" "path/filepath" "strconv" + "strings" "github.com/containers/common/libimage" "github.com/containers/common/pkg/config" @@ -18,6 +21,7 @@ import ( "github.com/containers/image/v5/signature" "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" + "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/domain/entities/reports" domainUtils "github.com/containers/podman/v3/pkg/domain/utils" @@ -330,6 +334,67 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri return pushError } +// Transfer moves images from root to rootless storage so the user specified in the scp call can access and use the image modified by root +func (ir *ImageEngine) Transfer(ctx context.Context, scpOpts entities.ImageScpOptions) error { + if scpOpts.User == "" { + return errors.Wrapf(define.ErrInvalidArg, "you must define a user when transferring from root to rootless storage") + } + var u *user.User + scpOpts.User = strings.Split(scpOpts.User, ":")[0] // split in case provided with uid:gid + _, err := strconv.Atoi(scpOpts.User) + if err != nil { + u, err = user.Lookup(scpOpts.User) + if err != nil { + return err + } + } else { + u, err = user.LookupId(scpOpts.User) + if err != nil { + return err + } + } + uid, err := strconv.Atoi(u.Uid) + if err != nil { + return err + } + gid, err := strconv.Atoi(u.Gid) + if err != nil { + return err + } + err = os.Chown(scpOpts.Save.Output, uid, gid) // chown the output because was created by root so we need to give th euser read access + if err != nil { + return err + } + + podman, err := os.Executable() + if err != nil { + return err + } + machinectl, err := exec.LookPath("machinectl") + if err != nil { + logrus.Warn("defaulting to su since machinectl is not available, su will fail if no user session is available") + cmd := exec.Command("su", "-l", u.Username, "--command", podman+" --log-level="+logrus.GetLevel().String()+" --cgroup-manager=cgroupfs load --input="+scpOpts.Save.Output) // load the new image to the rootless storage + cmd.Stderr = os.Stderr + cmd.Stdout = os.Stdout + logrus.Debug("Executing load command su") + err = cmd.Run() + if err != nil { + return err + } + } else { + cmd := exec.Command(machinectl, "shell", "-q", u.Username+"@.host", podman, "--log-level="+logrus.GetLevel().String(), "--cgroup-manager=cgroupfs", "load", "--input", scpOpts.Save.Output) // load the new image to the rootless storage + cmd.Stderr = os.Stderr + cmd.Stdout = os.Stdout + logrus.Debug("Executing load command machinectl") + err = cmd.Run() + if err != nil { + return err + } + } + + return nil +} + func (ir *ImageEngine) Tag(ctx context.Context, nameOrID string, tags []string, options entities.ImageTagOptions) error { // Allow tagging manifest list instead of resolving instances from manifest lookupOptions := &libimage.LookupImageOptions{ManifestList: true} |