diff options
-rw-r--r-- | libpod/container_internal_common.go | 51 | ||||
-rw-r--r-- | libpod/container_internal_freebsd.go | 49 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 49 |
3 files changed, 51 insertions, 98 deletions
diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go index 476ae1989..0d5071831 100644 --- a/libpod/container_internal_common.go +++ b/libpod/container_internal_common.go @@ -9,6 +9,7 @@ import ( "fmt" "math" "os" + "path/filepath" "strconv" "strings" "time" @@ -26,6 +27,7 @@ import ( "github.com/containers/podman/v4/pkg/util" "github.com/containers/storage/pkg/idtools" securejoin "github.com/cyphar/filepath-securejoin" + runcuser "github.com/opencontainers/runc/libcontainer/user" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" @@ -593,3 +595,52 @@ func (c *Container) resolveWorkDir() error { return nil } + +func (c *Container) getUserOverrides() *lookup.Overrides { + var hasPasswdFile, hasGroupFile bool + overrides := lookup.Overrides{} + for _, m := range c.config.Spec.Mounts { + if m.Destination == "/etc/passwd" { + overrides.ContainerEtcPasswdPath = m.Source + hasPasswdFile = true + } + if m.Destination == "/etc/group" { + overrides.ContainerEtcGroupPath = m.Source + hasGroupFile = true + } + if m.Destination == "/etc" { + if !hasPasswdFile { + overrides.ContainerEtcPasswdPath = filepath.Join(m.Source, "passwd") + } + if !hasGroupFile { + overrides.ContainerEtcGroupPath = filepath.Join(m.Source, "group") + } + } + } + if path, ok := c.state.BindMounts["/etc/passwd"]; ok { + overrides.ContainerEtcPasswdPath = path + } + return &overrides +} + +func lookupHostUser(name string) (*runcuser.ExecUser, error) { + var execUser runcuser.ExecUser + // Look up User on host + u, err := util.LookupUser(name) + if err != nil { + return &execUser, err + } + uid, err := strconv.ParseUint(u.Uid, 8, 32) + if err != nil { + return &execUser, err + } + + gid, err := strconv.ParseUint(u.Gid, 8, 32) + if err != nil { + return &execUser, err + } + execUser.Uid = int(uid) + execUser.Gid = int(gid) + execUser.Home = u.HomeDir + return &execUser, nil +} diff --git a/libpod/container_internal_freebsd.go b/libpod/container_internal_freebsd.go index f460ca49a..98ae209e8 100644 --- a/libpod/container_internal_freebsd.go +++ b/libpod/container_internal_freebsd.go @@ -187,55 +187,6 @@ func (c *Container) reloadNetwork() error { return c.save() } -func (c *Container) getUserOverrides() *lookup.Overrides { - var hasPasswdFile, hasGroupFile bool - overrides := lookup.Overrides{} - for _, m := range c.config.Spec.Mounts { - if m.Destination == "/etc/passwd" { - overrides.ContainerEtcPasswdPath = m.Source - hasPasswdFile = true - } - if m.Destination == "/etc/group" { - overrides.ContainerEtcGroupPath = m.Source - hasGroupFile = true - } - if m.Destination == "/etc" { - if !hasPasswdFile { - overrides.ContainerEtcPasswdPath = filepath.Join(m.Source, "passwd") - } - if !hasGroupFile { - overrides.ContainerEtcGroupPath = filepath.Join(m.Source, "group") - } - } - } - if path, ok := c.state.BindMounts["/etc/passwd"]; ok { - overrides.ContainerEtcPasswdPath = path - } - return &overrides -} - -func lookupHostUser(name string) (*runcuser.ExecUser, error) { - var execUser runcuser.ExecUser - // Look up User on host - u, err := util.LookupUser(name) - if err != nil { - return &execUser, err - } - uid, err := strconv.ParseUint(u.Uid, 8, 32) - if err != nil { - return &execUser, err - } - - gid, err := strconv.ParseUint(u.Gid, 8, 32) - if err != nil { - return &execUser, err - } - execUser.Uid = int(uid) - execUser.Gid = int(gid) - execUser.Home = u.HomeDir - return &execUser, nil -} - // mountNotifySocket mounts the NOTIFY_SOCKET into the container if it's set // and if the sdnotify mode is set to container. It also sets c.notifySocket // to avoid redundantly looking up the env variable. diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 16a576947..9bdbd59a9 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -220,55 +220,6 @@ func (c *Container) reloadNetwork() error { return c.save() } -func (c *Container) getUserOverrides() *lookup.Overrides { - var hasPasswdFile, hasGroupFile bool - overrides := lookup.Overrides{} - for _, m := range c.config.Spec.Mounts { - if m.Destination == "/etc/passwd" { - overrides.ContainerEtcPasswdPath = m.Source - hasPasswdFile = true - } - if m.Destination == "/etc/group" { - overrides.ContainerEtcGroupPath = m.Source - hasGroupFile = true - } - if m.Destination == "/etc" { - if !hasPasswdFile { - overrides.ContainerEtcPasswdPath = filepath.Join(m.Source, "passwd") - } - if !hasGroupFile { - overrides.ContainerEtcGroupPath = filepath.Join(m.Source, "group") - } - } - } - if path, ok := c.state.BindMounts["/etc/passwd"]; ok { - overrides.ContainerEtcPasswdPath = path - } - return &overrides -} - -func lookupHostUser(name string) (*runcuser.ExecUser, error) { - var execUser runcuser.ExecUser - // Look up User on host - u, err := util.LookupUser(name) - if err != nil { - return &execUser, err - } - uid, err := strconv.ParseUint(u.Uid, 8, 32) - if err != nil { - return &execUser, err - } - - gid, err := strconv.ParseUint(u.Gid, 8, 32) - if err != nil { - return &execUser, err - } - execUser.Uid = int(uid) - execUser.Gid = int(gid) - execUser.Home = u.HomeDir - return &execUser, nil -} - // mountNotifySocket mounts the NOTIFY_SOCKET into the container if it's set // and if the sdnotify mode is set to container. It also sets c.notifySocket // to avoid redundantly looking up the env variable. |