summaryrefslogtreecommitdiff
path: root/pkg/rootless/rootless_linux.c
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-05-25 12:32:08 +0200
committerGitHub <noreply@github.com>2019-05-25 12:32:08 +0200
commitb1d590b4412fa7508390c8733c549049d6d3a75b (patch)
tree878e704e129d29e4c869717a97abde3ef5891e56 /pkg/rootless/rootless_linux.c
parent3c85122faa8f5697d41cb704c76468349cf97cb8 (diff)
parent5eb321ac372f5c29f65769a4554ff224186ffb21 (diff)
downloadpodman-b1d590b4412fa7508390c8733c549049d6d3a75b.tar.gz
podman-b1d590b4412fa7508390c8733c549049d6d3a75b.tar.bz2
podman-b1d590b4412fa7508390c8733c549049d6d3a75b.zip
Merge pull request #3196 from giuseppe/keep-id
userns: add new option --userns=keep-id
Diffstat (limited to 'pkg/rootless/rootless_linux.c')
-rw-r--r--pkg/rootless/rootless_linux.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index a08cfd36a..098ca7830 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -40,6 +40,7 @@ static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivilege
static int open_files_max_fd;
fd_set open_files_set;
static uid_t rootless_uid_init;
+static gid_t rootless_gid_init;
static int
syscall_setresuid (uid_t ruid, uid_t euid, uid_t suid)
@@ -59,6 +60,12 @@ rootless_uid ()
return rootless_uid_init;
}
+uid_t
+rootless_gid ()
+{
+ return rootless_gid_init;
+}
+
static void
do_pause ()
{
@@ -224,6 +231,7 @@ static void __attribute__((constructor)) init()
long pid;
char buf[12];
uid_t uid;
+ gid_t gid;
char path[PATH_MAX];
const char *const suffix = "/libpod/pause.pid";
char *cwd = getcwd (NULL, 0);
@@ -263,6 +271,7 @@ static void __attribute__((constructor)) init()
}
uid = geteuid ();
+ gid = getegid ();
sprintf (path, "/proc/%d/ns/user", pid);
fd = open (path, O_RDONLY);
@@ -310,6 +319,7 @@ static void __attribute__((constructor)) init()
free (cwd);
rootless_uid_init = uid;
+ rootless_gid_init = gid;
}
}
@@ -440,6 +450,7 @@ reexec_userns_join (int userns, int mountns, char *pause_pid_file_path)
{
pid_t ppid = getpid ();
char uid[16];
+ char gid[16];
char **argv;
int pid;
char *cwd = getcwd (NULL, 0);
@@ -451,6 +462,7 @@ reexec_userns_join (int userns, int mountns, char *pause_pid_file_path)
}
sprintf (uid, "%d", geteuid ());
+ sprintf (gid, "%d", getegid ());
argv = get_cmd_line_args (ppid);
if (argv == NULL)
@@ -477,6 +489,7 @@ reexec_userns_join (int userns, int mountns, char *pause_pid_file_path)
setenv ("_CONTAINERS_USERNS_CONFIGURED", "init", 1);
setenv ("_CONTAINERS_ROOTLESS_UID", uid, 1);
+ setenv ("_CONTAINERS_ROOTLESS_GID", gid, 1);
if (prctl (PR_SET_PDEATHSIG, SIGTERM, 0, 0, 0) < 0)
{
@@ -556,6 +569,7 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path)
pid_t ppid = getpid ();
char **argv;
char uid[16];
+ char gid[16];
char *listen_fds = NULL;
char *listen_pid = NULL;
bool do_socket_activation = false;
@@ -577,6 +591,7 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path)
}
sprintf (uid, "%d", geteuid ());
+ sprintf (gid, "%d", getegid ());
pid = syscall_clone (CLONE_NEWUSER|CLONE_NEWNS|SIGCHLD, NULL);
if (pid < 0)
@@ -621,6 +636,7 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path)
setenv ("_CONTAINERS_USERNS_CONFIGURED", "init", 1);
setenv ("_CONTAINERS_ROOTLESS_UID", uid, 1);
+ setenv ("_CONTAINERS_ROOTLESS_GID", gid, 1);
do
ret = read (ready, &b, 1) < 0;