summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
Diffstat (limited to 'pkg')
-rw-r--r--pkg/rootless/rootless_linux.go2
-rw-r--r--pkg/rootless/rootless_unsupported.go2
-rw-r--r--pkg/spec/spec.go6
-rw-r--r--pkg/util/utils.go6
4 files changed, 8 insertions, 8 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index b2677f7d9..baceebee3 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -72,7 +72,7 @@ func GetRootlessUID() int {
u, _ := strconv.Atoi(uidEnv)
return u
}
- return os.Getuid()
+ return os.Geteuid()
}
func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) error {
diff --git a/pkg/rootless/rootless_unsupported.go b/pkg/rootless/rootless_unsupported.go
index 54e70961b..e01d7855c 100644
--- a/pkg/rootless/rootless_unsupported.go
+++ b/pkg/rootless/rootless_unsupported.go
@@ -41,7 +41,7 @@ func SkipStorageSetup() bool {
// JoinNS re-exec podman in a new userNS and join the user namespace of the specified
// PID.
-func JoinNS(pid uint) (bool, int, error) {
+func JoinNS(pid uint, preserveFDs int) (bool, int, error) {
return false, -1, errors.New("this function is not supported on this os")
}
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 32d47732b..a61741f73 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -9,7 +9,7 @@ import (
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage/pkg/mount"
pmount "github.com/containers/storage/pkg/mount"
- "github.com/docker/docker/daemon/caps"
+ "github.com/docker/docker/oci/caps"
"github.com/docker/go-units"
"github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -625,7 +625,7 @@ func setupCapabilities(config *CreateConfig, configSpec *spec.Spec) error {
if useNotRoot(config.User) {
configSpec.Process.Capabilities.Bounding = caplist
}
- caplist, err = caps.TweakCapabilities(configSpec.Process.Capabilities.Bounding, config.CapAdd, config.CapDrop)
+ caplist, err = caps.TweakCapabilities(configSpec.Process.Capabilities.Bounding, config.CapAdd, config.CapDrop, nil, false)
if err != nil {
return err
}
@@ -636,7 +636,7 @@ func setupCapabilities(config *CreateConfig, configSpec *spec.Spec) error {
configSpec.Process.Capabilities.Effective = caplist
configSpec.Process.Capabilities.Ambient = caplist
if useNotRoot(config.User) {
- caplist, err = caps.TweakCapabilities(bounding, config.CapAdd, config.CapDrop)
+ caplist, err = caps.TweakCapabilities(bounding, config.CapAdd, config.CapDrop, nil, false)
if err != nil {
return err
}
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index d7e1ddd38..73dddf2ac 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -190,15 +190,15 @@ func GetRootlessRuntimeDir() (string, error) {
tmpDir := filepath.Join("/run", "user", uid)
os.MkdirAll(tmpDir, 0700)
st, err := os.Stat(tmpDir)
- if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 {
+ if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
runtimeDir = tmpDir
}
}
if runtimeDir == "" {
- tmpDir := filepath.Join(os.TempDir(), "user", uid)
+ tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("libpod-rundir-%s", uid))
os.MkdirAll(tmpDir, 0700)
st, err := os.Stat(tmpDir)
- if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 {
+ if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
runtimeDir = tmpDir
}
}