diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-06-11 16:03:34 +0200 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-06-27 14:07:17 +0000 |
| commit | 5ff90677c83b78366554493e10f7615119f7e0a1 (patch) | |
| tree | 094685755b891f5813a458cfadb5374e68f732fb /pkg/spec | |
| parent | 8ee8f847340c3ac2264e183655fb7cdcbbfbb2cd (diff) | |
| download | podman-5ff90677c83b78366554493e10f7615119f7e0a1.tar.gz podman-5ff90677c83b78366554493e10f7615119f7e0a1.tar.bz2 podman-5ff90677c83b78366554493e10f7615119f7e0a1.zip | |
rootless: add management for the userNS
When running podman as non root user always create an userNS and let
the OCI runtime use it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #936
Approved by: rhatdan
Diffstat (limited to 'pkg/spec')
| -rw-r--r-- | pkg/spec/createconfig.go | 3 | ||||
| -rw-r--r-- | pkg/spec/spec.go | 6 |
2 files changed, 5 insertions, 4 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index 205e08c57..af0a62c65 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -16,6 +16,7 @@ import ( "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/projectatomic/libpod/libpod" + "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -360,7 +361,7 @@ func (c *CreateConfig) GetContainerCreateOptions() ([]libpod.CtrCreateOption, er // does not have one options = append(options, libpod.WithEntrypoint(c.Entrypoint)) - if os.Getuid() != 0 { + if rootless.IsRootless() { if !c.NetMode.IsHost() && !c.NetMode.IsNone() { options = append(options, libpod.WithNetNS(portBindings, true)) } diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index b341c8a35..565c07014 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -1,7 +1,6 @@ package createconfig import ( - "os" "strings" "github.com/docker/docker/daemon/caps" @@ -12,6 +11,7 @@ import ( spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" + "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" "io/ioutil" ) @@ -45,7 +45,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } g.AddMount(sysMnt) } - if os.Getuid() != 0 { + if rootless.IsRootless() { g.RemoveMount("/dev/pts") devPts := spec.Mount{ Destination: "/dev/pts", @@ -82,7 +82,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } g.AddProcessEnv("container", "podman") - canAddResources := os.Getuid() == 0 + canAddResources := !rootless.IsRootless() if canAddResources { // RESOURCES - MEMORY |