Diffstat (limited to 'pkg')
-rw-r--r--pkg/rootless/rootless_linux.go2
-rw-r--r--pkg/rootless/rootless_unsupported.go13
-rw-r--r--pkg/spec/config_linux.go25
-rw-r--r--pkg/spec/config_linux_cgo.go34
-rw-r--r--pkg/spec/config_linux_nocgo.go11
5 files changed, 56 insertions, 29 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index d51f32d68..f3b9a8fd5 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build linux,cgo
package rootless
diff --git a/pkg/rootless/rootless_unsupported.go b/pkg/rootless/rootless_unsupported.go
index 52863580e..a8485c083 100644
--- a/pkg/rootless/rootless_unsupported.go
+++ b/pkg/rootless/rootless_unsupported.go
@@ -1,14 +1,21 @@
-// +build !linux
+// +build !linux !cgo
package rootless
import (
+ "os"
+
"github.com/pkg/errors"
)
-// IsRootless returns false on all non-linux platforms
+// IsRootless returns whether the user is rootless
func IsRootless() bool {
- return false
+ uid := os.Geteuid()
+ // os.Geteuid() on Windows returns -1
+ if uid == -1 {
+ return false
+ }
+ return uid != 0
}
// BecomeRootInUserNS re-exec podman in a new userNS. It returns whether podman was re-executed
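Review bot: `IsRootless()` now reports true for any non-zero effective UID in every build this file covers, and after the tag change to `!linux !cgo` that includes Linux without cgo as well as non-Linux platforms. The rest of the file is outside this hunk, but the file name and the `BecomeRootInUserNS` context line suggest the user-namespace helpers here are still stubs. If so, callers that branch on `IsRootless()` may enter rootless code paths this build cannot complete, so it is worth confirming they fail closed. The doc comment should also state the actual contract, e.g. `// IsRootless reports whether the effective UID is non-zero; it returns false on Windows, where os.Geteuid() returns -1.`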
diff --git a/pkg/spec/config_linux.go b/pkg/spec/config_linux.go
index eb2acf984..9f6a4a058 100644
--- a/pkg/spec/config_linux.go
+++ b/pkg/spec/config_linux.go
@@ -4,12 +4,10 @@ package createconfig
import (
"fmt"
- "io/ioutil"
"os"
"path/filepath"
"strings"
- "github.com/docker/docker/profiles/seccomp"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runc/libcontainer/devices"
spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -130,29 +128,6 @@ func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error {
return nil
}
-func getSeccompConfig(config *CreateConfig, configSpec *spec.Spec) (*spec.LinuxSeccomp, error) {
- var seccompConfig *spec.LinuxSeccomp
- var err error
-
- if config.SeccompProfilePath != "" {
- seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath)
- if err != nil {
- return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", config.SeccompProfilePath)
- }
- seccompConfig, err = seccomp.LoadProfile(string(seccompProfile), configSpec)
- if err != nil {
- return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath)
- }
- } else {
- seccompConfig, err = seccomp.GetDefaultProfile(configSpec)
- if err != nil {
- return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath)
- }
- }
-
- return seccompConfig, nil
-}
-
func (c *CreateConfig) createBlockIO() (*spec.LinuxBlockIO, error) {
var ret *spec.LinuxBlockIO
bio := &spec.LinuxBlockIO{}
diff --git a/pkg/spec/config_linux_cgo.go b/pkg/spec/config_linux_cgo.go
new file mode 100644
index 000000000..e6e92a7cc
--- /dev/null
+++ b/pkg/spec/config_linux_cgo.go
@@ -0,0 +1,34 @@
+// +build linux,cgo
+
+package createconfig
+
+import (
+ "io/ioutil"
+
+ "github.com/docker/docker/profiles/seccomp"
+ spec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/pkg/errors"
+)
+
+func getSeccompConfig(config *CreateConfig, configSpec *spec.Spec) (*spec.LinuxSeccomp, error) {
+ var seccompConfig *spec.LinuxSeccomp
+ var err error
+
+ if config.SeccompProfilePath != "" {
+ seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath)
+ if err != nil {
+ return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", config.SeccompProfilePath)
+ }
+ seccompConfig, err = seccomp.LoadProfile(string(seccompProfile), configSpec)
+ if err != nil {
+ return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath)
+ }
+ } else {
+ seccompConfig, err = seccomp.GetDefaultProfile(configSpec)
+ if err != nil {
+ return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath)
+ }
+ }
+
+ return seccompConfig, nil
+}
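Review bot: In the `else` branch of `getSeccompConfig`, the error from `seccomp.GetDefaultProfile` is wrapped with `config.SeccompProfilePath`, which is always empty on that path. The message therefore reads `loading seccomp profile () failed` and hides that the built-in default profile was the one that failed. Change that line to `return nil, errors.Wrapf(err, "loading default seccomp profile failed")`. The function also has no doc comment; a line such as `// getSeccompConfig loads the profile at SeccompProfilePath, or the default profile when no path is set.` would document the fallback.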
diff --git a/pkg/spec/config_linux_nocgo.go b/pkg/spec/config_linux_nocgo.go
new file mode 100644
index 000000000..10329ff3b
--- /dev/null
+++ b/pkg/spec/config_linux_nocgo.go
@@ -0,0 +1,11 @@
+// +build linux,!cgo
+
+package createconfig
+
+import (
+ spec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func getSeccompConfig(config *CreateConfig, configSpec *spec.Spec) (*spec.LinuxSeccomp, error) {
+ return nil, nil
+}
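Review bot: The no-cgo stub returns `nil, nil` even when `config.SeccompProfilePath` is set, so a profile the user explicitly asked for is silently dropped. What the caller does with a nil `*spec.LinuxSeccomp` is not visible here, but if it leaves the spec's seccomp section unset, the container starts with no syscall filter and nothing tells the operator. Fail closed for the explicit case with `if config.SeccompProfilePath != "" { return nil, errors.New("seccomp profiles are not supported in builds without cgo") }`, which needs the `github.com/pkg/errors` import the cgo variant already uses. A comment above the function should also state that seccomp is unavailable without cgo and that a nil result means no filter is applied.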