diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-07-05 12:03:01 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-07-05 13:30:15 +0000 |
commit | a1545fe6e4749444204f27f5c04034f9415d4757 (patch) | |
tree | b930f8c5a95c217ba1ce63db8a9574e79b15cdfd /pkg/rootless | |
parent | e38272047fbafb9fb35419e356d4576824585c23 (diff) | |
download | podman-a1545fe6e4749444204f27f5c04034f9415d4757.tar.gz podman-a1545fe6e4749444204f27f5c04034f9415d4757.tar.bz2 podman-a1545fe6e4749444204f27f5c04034f9415d4757.zip |
rootless: add function to retrieve the original UID
After we re-exec in the userNS os.Getuid() returns the new UID (= 0)
which is not what we want to use.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1048
Approved by: mheon
Diffstat (limited to 'pkg/rootless')
-rw-r--r-- | pkg/rootless/rootless_linux.c | 8 | ||||
-rw-r--r-- | pkg/rootless/rootless_linux.go | 11 |
2 files changed, 19 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index 163f46052..0f2008375 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -88,6 +88,9 @@ reexec_in_user_namespace(int ready) char b; pid_t ppid = getpid (); char **argv; + char uid[16]; + + sprintf (uid, "%d", geteuid ()); pid = syscall_clone (CLONE_NEWUSER|SIGCHLD, NULL); if (pid) @@ -96,6 +99,7 @@ reexec_in_user_namespace(int ready) argv = get_cmd_line_args (ppid); setenv ("_LIBPOD_USERNS_CONFIGURED", "init", 1); + setenv ("_LIBPOD_ROOTLESS_UID", uid, 1); do ret = read (ready, &b, 1) < 0; @@ -104,6 +108,10 @@ reexec_in_user_namespace(int ready) _exit (1); close (ready); + if (setresgid (0, 0, 0) < 0 || + setresuid (0, 0, 0) < 0) + _exit (1); + execv (argv[0], argv); _exit (1); diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 5b4094bf2..70fa6b152 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -8,6 +8,7 @@ import ( "os" gosignal "os/signal" "runtime" + "strconv" "syscall" "github.com/containers/storage/pkg/idtools" @@ -26,6 +27,16 @@ func IsRootless() bool { return os.Getuid() != 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != "" } +// GetRootlessUID returns the UID of the user in the parent userNS +func GetRootlessUID() int { + uidEnv := os.Getenv("_LIBPOD_ROOTLESS_UID") + if uidEnv != "" { + u, _ := strconv.Atoi(uidEnv) + return u + } + return os.Getuid() +} + // BecomeRootInUserNS re-exec podman in a new userNS func BecomeRootInUserNS() (bool, error) { |