path: root/pkg/rootless/rootless_unsupported.go
author: Giuseppe Scrivano <gscrivan@redhat.com> 2018-08-23 23:02:04 +0200
committer: Atomic Bot <atomic-devel@projectatomic.io> 2018-08-26 07:22:42 +0000
commit: 720eb85ba55d8c825262e9b2e058ec8a8e0e4d9f (patch)
tree: 73ef0abad027bc6bffe97d75b6936b8c7562cca8 /pkg/rootless/rootless_unsupported.go
parent: 1ac4dbb50861d502cb819c63335848a60ffa7dec (diff)
rootless: fix exec

We cannot re-exec into a new user namespace to gain privileges and access an existing as the new namespace is not the owner of the existing container.

"unshare" is used to join the user namespace of the target container.

The current implementation assumes that the main process of the container didn't create a new user namespace.

Since in the setup phase we are not running with euid=0, we must skip the setup for containers/storage.

Closes: https://github.com/containers/libpod/issues/1329

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1331
Approved by: rhatdan
Diffstat (limited to 'pkg/rootless/rootless_unsupported.go')
-rw-r--r-- pkg/rootless/rootless_unsupported.go 9
1 files changed, 9 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_unsupported.go b/pkg/rootless/rootless_unsupported.go
index b1f075045..11dfd5aa4 100644
--- a/pkg/rootless/rootless_unsupported.go
+++ b/pkg/rootless/rootless_unsupported.go
@@ -21,3 +21,12 @@ func BecomeRootInUserNS() (bool, int, error) {
func GetRootlessUID() int {
return -1
}
+
+// SetSkipStorageSetup tells the runtime to not setup containers/storage
+func SetSkipStorageSetup(bool) {
+}
+
+// SkipStorageSetup tells if we should skip the containers/storage setup
+func SkipStorageSetup() bool {
+ return false
+}
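Review bot: SetSkipStorageSetup(bool) discards its argument and SkipStorageSetup() always returns false, so on this unsupported build a caller that sets the flag to true and reads it back still gets false. If the no-op is intended for platforms without rootless support, say so in both doc comments so the two stubs are not mistaken for a working setter/getter pair. In the first comment, "to not setup" should read "not to set up".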