summaryrefslogtreecommitdiff
path: root/pkg/rootless/rootless_linux.c
Commit message (Collapse)AuthorAge
* rootless: check uid with Geteuid() instead of Getuid()Giuseppe Scrivano2018-09-04
| | | | | | | | | | | | change the tests to use chroot to set a numeric UID/GID. Go syscall.Credential doesn't change the effective UID/GID of the process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1372 Approved by: mheon
* rootless: add new function to join existing namespaceGiuseppe Scrivano2018-08-29
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* Check for missing arguments in /proc/self/cmdlineAnders F Björklund2018-08-03
| | | | | Closes: #1206 Approved by: giuseppe
* rootless: do not segfault if the parent already diedGiuseppe Scrivano2018-08-02
| | | | | | Closes: https://github.com/projectatomic/libpod/issues/1189 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #1091 from giuseppe/rootless-unshare-mount-nsDaniel J Walsh2018-07-13
|\ | | | | rootless: unshare mount namespace
| * rootless: unshare mount namespaceGiuseppe Scrivano2018-07-13
| | | | | | | | | | | | | | | | | | | | | | unshare the mount namespace as well when creating an user namespace so that we are the owner of the mount namespace and we can mount FUSE file systems on Linux 4.18. Tested on Fedora Rawhide: podman --storage-opt overlay.fuse_program=/usr/bin/fuse-overlayfs run alpine echo hello hello Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | rootless: correctly propagate the exit status from the containerGiuseppe Scrivano2018-07-13
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fix when argv[0] is not an absolute pathGiuseppe Scrivano2018-07-10
| | | | | | | | | | | | use execvp instead of exec so that we keep the PATH environment variable and the lookup for the "podman" executable works. Closes: https://github.com/projectatomic/libpod/issues/1070 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1072 Approved by: mheon
* rootless: add function to retrieve the original UIDGiuseppe Scrivano2018-07-05
| | | | | | | | | | After we re-exec in the userNS os.Getuid() returns the new UID (= 0) which is not what we want to use. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1048 Approved by: mheon
* rootless: do not configure additional groupsGiuseppe Scrivano2018-06-27
| | | | | | | | | Additional groups are not allowed in an userNS. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* rootless: add management for the userNSGiuseppe Scrivano2018-06-27
When running podman as non root user always create an userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan