aboutsummaryrefslogtreecommitdiff
path: root/pkg/rootless
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2020-07-30 21:45:41 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2020-07-30 21:46:04 +0200
commitd86ef45441635bf12a9ba78ace91050622a5eac3 (patch)
treee80de4a52ccfa6526fd8c3a046c861293a86865f /pkg/rootless
parent8408cfd35c8aaa8cfcd08ee8b0874442f7430ede (diff)
downloadpodman-d86ef45441635bf12a9ba78ace91050622a5eac3.tar.gz
podman-d86ef45441635bf12a9ba78ace91050622a5eac3.tar.bz2
podman-d86ef45441635bf12a9ba78ace91050622a5eac3.zip
rootless: child exits immediately on userns errors
if the parent process failed to create the user namespace, let the child exit immediately. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/rootless')
-rw-r--r--pkg/rootless/rootless_linux.c2
-rw-r--r--pkg/rootless/rootless_linux.go8
2 files changed, 7 insertions, 3 deletions
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index d3e43e44d..eaf2d4551 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -860,7 +860,7 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re
fprintf (stderr, "cannot read from sync pipe: %s\n", strerror (errno));
_exit (EXIT_FAILURE);
}
- if (b != '0')
+ if (ret != 1 || b != '0')
_exit (EXIT_FAILURE);
if (syscall_setresgid (0, 0, 0) < 0)
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 529e90586..fc4393927 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -175,7 +175,7 @@ func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) {
return uids, gids, nil
}
-func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, int, error) {
+func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ bool, _ int, retErr error) {
if os.Geteuid() == 0 || os.Getenv("_CONTAINERS_USERNS_CONFIGURED") != "" {
if os.Getenv("_CONTAINERS_USERNS_CONFIGURED") == "init" {
return false, 0, runInUser()
@@ -205,7 +205,11 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
defer errorhandling.CloseQuiet(r)
defer errorhandling.CloseQuiet(w)
defer func() {
- if _, err := w.Write([]byte("0")); err != nil {
+ toWrite := []byte("0")
+ if retErr != nil {
+ toWrite = []byte("1")
+ }
+ if _, err := w.Write(toWrite); err != nil {
logrus.Errorf("failed to write byte 0: %q", err)
}
}()