summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2018-07-05 12:03:01 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-07-05 13:30:15 +0000
commita1545fe6e4749444204f27f5c04034f9415d4757 (patch)
treeb930f8c5a95c217ba1ce63db8a9574e79b15cdfd /pkg
parente38272047fbafb9fb35419e356d4576824585c23 (diff)
downloadpodman-a1545fe6e4749444204f27f5c04034f9415d4757.tar.gz
podman-a1545fe6e4749444204f27f5c04034f9415d4757.tar.bz2
podman-a1545fe6e4749444204f27f5c04034f9415d4757.zip
rootless: add function to retrieve the original UID
After we re-exec in the userNS os.Getuid() returns the new UID (= 0) which is not what we want to use. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1048 Approved by: mheon
Diffstat (limited to 'pkg')
-rw-r--r--pkg/rootless/rootless_linux.c8
-rw-r--r--pkg/rootless/rootless_linux.go11
2 files changed, 19 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 163f46052..0f2008375 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -88,6 +88,9 @@ reexec_in_user_namespace(int ready)
char b;
pid_t ppid = getpid ();
char **argv;
+ char uid[16];
+
+ sprintf (uid, "%d", geteuid ());
pid = syscall_clone (CLONE_NEWUSER|SIGCHLD, NULL);
if (pid)
@@ -96,6 +99,7 @@ reexec_in_user_namespace(int ready)
argv = get_cmd_line_args (ppid);
setenv ("_LIBPOD_USERNS_CONFIGURED", "init", 1);
+ setenv ("_LIBPOD_ROOTLESS_UID", uid, 1);
do
ret = read (ready, &b, 1) < 0;
@@ -104,6 +108,10 @@ reexec_in_user_namespace(int ready)
_exit (1);
close (ready);
+ if (setresgid (0, 0, 0) < 0 ||
+ setresuid (0, 0, 0) < 0)
+ _exit (1);
+
execv (argv[0], argv);
_exit (1);
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 5b4094bf2..70fa6b152 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -8,6 +8,7 @@ import (
"os"
gosignal "os/signal"
"runtime"
+ "strconv"
"syscall"
"github.com/containers/storage/pkg/idtools"
@@ -26,6 +27,16 @@ func IsRootless() bool {
return os.Getuid() != 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != ""
}
+// GetRootlessUID returns the UID of the user in the parent userNS
+func GetRootlessUID() int {
+ uidEnv := os.Getenv("_LIBPOD_ROOTLESS_UID")
+ if uidEnv != "" {
+ u, _ := strconv.Atoi(uidEnv)
+ return u
+ }
+ return os.Getuid()
+}
+
// BecomeRootInUserNS re-exec podman in a new userNS
func BecomeRootInUserNS() (bool, error) {