Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/oci.go | 6 | ||||
-rw-r--r-- | libpod/runtime.go | 19 |
2 files changed, 19 insertions, 6 deletions
diff --git a/libpod/oci.go b/libpod/oci.go
index 9021a522b..da054eceb 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -681,6 +681,12 @@ func (r *OCIRuntime) execContainer(c *Container, cmd, capAdd, env []string, tty
 logrus.Debugf("Starting runtime %s with following arguments: %v", r.path, args)
 execCmd := exec.Command(r.path, args...)
+ if rootless.IsRootless() {
+ args = append([]string{"--preserve-credentials", "-U", "-t", fmt.Sprintf("%d", c.state.PID), r.path}, args...)
+ // using nsenter might not be correct if the target PID joined a different user namespace.
+ // A better way would be to retrieve the parent ns (NS_GET_PARENT) until it is a child of the current namespace.
+ execCmd = exec.Command("nsenter", args...)
+ }
 execCmd.Stdout = os.Stdout
 execCmd.Stderr = os.Stderr
 execCmd.Stdin = os.Stdin
diff --git a/libpod/runtime.go b/libpod/runtime.go
index adeb901f2..2df4ef760 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -405,9 +405,14 @@ func makeRuntime(runtime *Runtime) (err error) {
 }
 // Set up containers/storage
- store, err := storage.GetStore(runtime.config.StorageConfig)
- if err != nil {
- return err
+ var store storage.Store
+ if rootless.SkipStorageSetup() {
+ logrus.Debug("Not configuring container store")
+ } else {
+ store, err = storage.GetStore(runtime.config.StorageConfig)
+ if err != nil {
+ return err
+ }
 }
 runtime.store = store
@@ -424,7 +429,7 @@ func makeRuntime(runtime *Runtime) (err error) {
 // Setting signaturepolicypath
 ir.SignaturePolicyPath = runtime.config.SignaturePolicyPath
 defer func() {
- if err != nil {
+ if err != nil && store != nil {
 // Don't forcibly shut down
 // We could be opening a store in use by another libpod
 _, err2 := store.Shutdown(false)
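Review bot: In the rootless branch of execContainer, `c.state.PID` is handed to `nsenter -t` with no visible check that it is a live, non-zero PID still owned by this container, so a stale state entry would make the exec join whatever user namespace that PID now refers to, or fail with an opaque nsenter error. Consider rejecting `c.state.PID <= 0` (and ideally confirming the container is still running) before building the nsenter arguments; such a check may already exist earlier in the function, which starts outside this hunk. The `logrus.Debugf` line above logs `r.path` with the unwrapped arguments, so the debug log no longer matches the process actually started; a second line such as `logrus.Debugf("Rootless: wrapping runtime in nsenter with arguments: %v", args)` after the `append` would keep the exec auditable. The first `exec.Command(r.path, args...)` is built and then discarded in this branch, which an `if`/`else` would avoid.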
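Review bot: `runtime.store` is now assigned a nil `storage.Store` whenever `rootless.SkipStorageSetup()` returns true, and this commit guards only two consumers: the deferred cleanup in makeRuntime and `Runtime.Shutdown` (the two later hunks). Any other code that calls through `runtime.store` or the local `store`, for example the setup between this hunk and the `ir.SignaturePolicyPath` lines, which is not visible here, would panic on the nil interface, so those paths should be audited or skipped under the same condition. I would record the invariant where the variable is declared, e.g. `// store stays nil when rootless.SkipStorageSetup() is true; users of runtime.store must check for nil`. makeRuntime starts and ends outside the hunk.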
@@ -611,8 +616,10 @@ func (r *Runtime) Shutdown(force bool) error {
 }
 var lastError error
- if _, err := r.store.Shutdown(force); err != nil {
- lastError = errors.Wrapf(err, "Error shutting down container storage")
+ if r.store != nil {
+ if _, err := r.store.Shutdown(force); err != nil {
+ lastError = errors.Wrapf(err, "Error shutting down container storage")
+ }
 }
 if err := r.state.Close(); err != nil {
 if lastError != nil { |