summaryrefslogtreecommitdiff
path: root/pkg/rootless/rootless.go
Commit message (Collapse)AuthorAge
* rootless: use sync.Once for GetAvailableGids()Giuseppe Scrivano2020-10-02
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: move GetAvailableGids to the rootless pkgGiuseppe Scrivano2020-10-02
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* fix lint in pkg/rootlessValentin Rothberg2020-01-08
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* rootless: automatically recreate the pause.pid fileGiuseppe Scrivano2019-10-09
| | | | | | | if the pause process cannot be joined, remove the pause.pid while keeping a lock on it, and try to recreate it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: support a custom arg to the new processGiuseppe Scrivano2019-03-11
| | | | | | | | | let the process running as euid != 0 pass down an argument to the process running in the user namespace. This will be useful for commands like rm -a that needs to join different namespaces, so that we can re-exec separately for each of them. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: Merge rootless.go back into rootless_linux.goW. Trevor King2018-07-06
| | | | | | | | | | | | | | | The files were split apart by b96be3af (changes to allow for darwin compilation, 2018-06-20, #1015), but the C import and two functions left in rootless.go are all Linux-specific as well. This commit moves all of the pre-b96be3af rootless.go into rootless_linux.go, just adding the '// +build linux' header (b96be3af also scrambled the + in that header) and keeping the new GetRootlessUID from a1545fe6 (rootless: add function to retrieve the original UID, 2018-07-05, #1048). Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1034 Approved by: baude
* changes to allow for darwin compilationbaude2018-06-29
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1015 Approved by: baude
* rootless: add management for the userNSGiuseppe Scrivano2018-06-27
When running podman as non root user always create an userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan