summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_api.go17
1 files changed, 16 insertions, 1 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 3e5b6ea53..56947eb3a 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -2,6 +2,7 @@ package libpod
import (
"context"
+ "fmt"
"io/ioutil"
"os"
"strconv"
@@ -9,6 +10,7 @@ import (
"time"
"github.com/containers/libpod/libpod/driver"
+ "github.com/containers/libpod/pkg/chrootuser"
"github.com/containers/libpod/pkg/inspect"
"github.com/containers/storage/pkg/stringid"
"github.com/docker/docker/daemon/caps"
@@ -298,6 +300,19 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
capList = caps.GetAllCapabilities()
}
+ // If user was set, look it up in the container to get a UID to use on
+ // the host
+ hostUser := ""
+ if user != "" {
+ uid, gid, err := chrootuser.GetUser(c.state.Mountpoint, user)
+ if err != nil {
+ return errors.Wrapf(err, "error getting user to launch exec session as")
+ }
+
+ // runc expects user formatted as uid:gid
+ hostUser = fmt.Sprintf("%d:%d", uid, gid)
+ }
+
// Generate exec session ID
// Ensure we don't conflict with an existing session ID
sessionID := stringid.GenerateNonCryptoID()
@@ -318,7 +333,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
logrus.Debugf("Creating new exec session in container %s with session id %s", c.ID(), sessionID)
- execCmd, err := c.runtime.ociRuntime.execContainer(c, cmd, capList, env, tty, user, sessionID)
+ execCmd, err := c.runtime.ociRuntime.execContainer(c, cmd, capList, env, tty, hostUser, sessionID)
if err != nil {
return errors.Wrapf(err, "error creating exec command for container %s", c.ID())
}