diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-02-25 11:44:06 +0100 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-02 11:45:42 +0100 |
| commit | 0b34327ad40e04861dac7f73870d87633a5c637e (patch) | |
| tree | f7f601f616e34bd749a39f46bec66da4f0abaaf0 /pkg/rootless | |
| parent | 9adcda73892fa0a33cbdf971ad97cf079e8e425f (diff) | |
| download | podman-0b34327ad40e04861dac7f73870d87633a5c637e.tar.gz podman-0b34327ad40e04861dac7f73870d87633a5c637e.tar.bz2 podman-0b34327ad40e04861dac7f73870d87633a5c637e.zip | |
exec: support --preserve-fds
Allow to pass additional FDs to the process being executed.
Closes: https://github.com/containers/libpod/issues/2372
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/rootless')
| -rw-r--r-- | pkg/rootless/rootless_linux.go | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 98692707f..55fba900e 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -102,7 +102,7 @@ func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) // JoinNS re-exec podman in a new userNS and join the user namespace of the specified // PID. -func JoinNS(pid uint) (bool, int, error) { +func JoinNS(pid uint, preserveFDs int) (bool, int, error) { if os.Geteuid() == 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != "" { return false, -1, nil } @@ -117,6 +117,13 @@ func JoinNS(pid uint) (bool, int, error) { if int(pidC) < 0 { return false, -1, errors.Errorf("cannot re-exec process") } + if preserveFDs > 0 { + for fd := 3; fd < 3+preserveFDs; fd++ { + // These fds were passed down to the runtime. Close them + // and not interfere + os.NewFile(uintptr(fd), fmt.Sprintf("fd-%d", fd)).Close() + } + } ret := C.reexec_in_user_namespace_wait(pidC) if ret < 0 { |