-rw-r--r--pkg/rootless/rootless_linux.c8
-rw-r--r--pkg/rootless/rootless_linux.go11
2 files changed, 19 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 163f46052..0f2008375 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -88,6 +88,9 @@ reexec_in_user_namespace(int ready)
char b;
pid_t ppid = getpid ();
char **argv;
+ char uid[16];
+
+ sprintf (uid, "%d", geteuid ());
pid = syscall_clone (CLONE_NEWUSER|SIGCHLD, NULL);
if (pid)
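Review bot: `sprintf (uid, "%d", geteuid ())` passes a uid_t (unsigned on Linux) to a `%d` conversion, which is a format/type mismatch that `-Wformat` flags and that renders uids above INT_MAX (e.g. the overflow id `(uid_t)-1`) as negative numbers the Go side would then parse as a negative int. The 16-byte buffer cannot overflow for any 32-bit value, but the bounded, correctly typed form costs nothing: `snprintf (uid, sizeof uid, "%u", (unsigned) geteuid ());`. Note that the value is captured before `syscall_clone`, so it is the effective uid in the parent namespace, whereas the Go fallback in the same commit uses the real uid; if the binary were ever run with euid != uid the two would disagree, so it may be worth a one-line comment stating which one is meant. `reexec_in_user_namespace` begins before this hunk.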
@@ -96,6 +99,7 @@ reexec_in_user_namespace(int ready)
argv = get_cmd_line_args (ppid);
setenv ("_LIBPOD_USERNS_CONFIGURED", "init", 1);
+ setenv ("_LIBPOD_ROOTLESS_UID", uid, 1);
do
ret = read (ready, &b, 1) < 0;
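Review bot: The new `_LIBPOD_ROOTLESS_UID` variable is an undocumented handshake between this shim and the Go side, and nothing here records that it is inherited by the exec'd process and, presumably, by anything that process spawns unless the environment is scrubbed. A comment above the `setenv` such as `/* euid from the parent userns, captured before clone; consumed by GetRootlessUID on the Go side */` would make the contract explicit for the next maintainer. The function this runs in starts and ends outside the hunk.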
@@ -104,6 +108,10 @@ reexec_in_user_namespace(int ready)
_exit (1);
close (ready);
+ if (setresgid (0, 0, 0) < 0 ||
+ setresuid (0, 0, 0) < 0)
+ _exit (1);
+
execv (argv[0], argv);
_exit (1);
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 5b4094bf2..70fa6b152 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -8,6 +8,7 @@ import (
"os"
gosignal "os/signal"
"runtime"
+ "strconv"
"syscall"
"github.com/containers/storage/pkg/idtools"
@@ -26,6 +27,16 @@ func IsRootless() bool {
return os.Getuid() != 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != ""
}
+// GetRootlessUID returns the UID of the user in the parent userNS
+func GetRootlessUID() int {
+ uidEnv := os.Getenv("_LIBPOD_ROOTLESS_UID")
+ if uidEnv != "" {
+ u, _ := strconv.Atoi(uidEnv)
+ return u
+ }
+ return os.Getuid()
+}
+
// BecomeRootInUserNS re-exec podman in a new userNS
func BecomeRootInUserNS() (bool, error) {
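Review bot: `u, _ := strconv.Atoi(uidEnv)` discards the parse error, so a malformed or negative `_LIBPOD_ROOTLESS_UID` makes `GetRootlessUID` return 0 (or a negative number), which callers will read as "root" rather than as a failure. Since the variable is read straight from the environment, it is also honored when the invoking shell set it and no re-exec happened (`IsRootless` only checks `_LIBPOD_USERNS_CONFIGURED`), so validating it is the minimum: replace the two lines with `if u, err := strconv.Atoi(uidEnv); err == nil && u >= 0 { return u }` and let a bad value fall through to `os.Getuid()`. The doc comment should also say the value comes from the C re-exec shim and that the real uid is returned when the variable is absent or invalid.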