-rw-r--r-- | cmd/podman/cp.go | 34 | ||||
-rw-r--r-- | cmd/podman/main.go | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go
index 89114fda1..d9f230b67 100644
--- a/cmd/podman/cp.go
+++ b/cmd/podman/cp.go
@@ -1,8 +1,10 @@
 package main
 import (
+ "io/ioutil"
 "os"
 "path/filepath"
+ "strconv"
 "strings"
 "github.com/containers/buildah/util"
@@ -10,6 +12,7 @@ import (
 "github.com/containers/libpod/cmd/podman/libpodruntime"
 "github.com/containers/libpod/libpod"
 "github.com/containers/libpod/pkg/chrootuser"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/containers/storage"
 "github.com/containers/storage/pkg/archive"
 "github.com/containers/storage/pkg/chrootarchive"
@@ -48,6 +51,9 @@ func cpCmd(c *cliconfig.CpValues) error {
 if len(args) != 2 {
 return errors.Errorf("you must provide a source path and a destination path")
 }
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
 runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
 if err != nil {
@@ -76,6 +82,34 @@ func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest strin
 ctr = destCtr
 }
+ if os.Geteuid() != 0 {
+ s, err := ctr.State()
+ if err != nil {
+ return err
+ }
+ var became bool
+ var ret int
+ if s == libpod.ContainerStateRunning || s == libpod.ContainerStatePaused {
+ data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+ if err != nil {
+ return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ became, ret, err = rootless.JoinDirectUserAndMountNS(uint(conmonPid))
+ } else {
+ became, ret, err = rootless.BecomeRootInUserNS()
+ }
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+
 mountPoint, err := ctr.Mount()
 if err != nil {
 return err
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 990e55a8c..bb21f2f79 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
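Review bot: The `os.Geteuid() != 0` guard added before `libpodruntime.GetRuntime` in cpCmd (cmd/podman/cp.go) carries no comment saying why storage setup is skipped, and the same guard is repeated in copyBetweenHostAndContainer, so the two checks have to stay in step. A comment such as `// Not yet in the user namespace: skip storage setup here; copyBetweenHostAndContainer joins the namespace first.` would record that coupling. That reading is inferred from the later hunk and should be confirmed by the author. cpCmd's body continues outside the hunk.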
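Review bot: In the running/paused branch added to copyBetweenHostAndContainer (cmd/podman/cp.go), `data, err := ioutil.ReadFile(...)` declares a new `err` inside the inner `if`, so `became, ret, err = rootless.JoinDirectUserAndMountNS(uint(conmonPid))` assigns that inner variable and the `if err != nil` after the if/else still sees the nil error from `ctr.State()`. A failed namespace join is therefore dropped, and execution presumably continues to `ctr.Mount()` without having entered the container's user and mount namespaces. The PID also goes from file contents to `uint(conmonPid)` with no range check, so a zero or negative value is converted rather than rejected, and `strconv.Atoi` would refuse the value if the file ever ends in a newline. The fence below keeps the branch but uses distinct error names, trims and range-checks the PID, and leaves the join result in the outer `err`. The function starts and ends outside the hunk.

```go
// … unchanged: euid check, ctr.State() lookup, became/ret declarations …
if s == libpod.ContainerStateRunning || s == libpod.ContainerStatePaused {
	pidFile := ctr.Config().ConmonPidFile
	data, readErr := ioutil.ReadFile(pidFile)
	if readErr != nil {
		return errors.Wrapf(readErr, "cannot read conmon PID file %q", pidFile)
	}
	conmonPid, parseErr := strconv.Atoi(strings.TrimSpace(string(data)))
	if parseErr != nil {
		return errors.Wrapf(parseErr, "cannot parse PID %q", data)
	}
	if conmonPid <= 0 {
		return errors.Errorf("invalid conmon PID %d in %q", conmonPid, pidFile)
	}
	// Plain assignment: err here is the outer variable checked after the if/else.
	became, ret, err = rootless.JoinDirectUserAndMountNS(uint(conmonPid))
} else {
// … unchanged: BecomeRootInUserNS branch, err check, os.Exit(ret) …
```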
@@ -61,6 +61,7 @@ var cmdsNotRequiringRootless = map[*cobra.Command]bool{
 _versionCommand: true,
 _createCommand: true,
 _execCommand: true,
+ _cpCommand: true,
 _exportCommand: true,
 //// `info` must be executed in an user namespace.
 //// If this change, please also update libpod.refreshRootless() |