summaryrefslogtreecommitdiff
path: root/pkg/rootless
Commit message (Collapse)AuthorAge
* rootless: allow to build without cgoGiuseppe Scrivano2019-07-02
| | | | | | | unfortunately rootless won't work without cgo, as most of the implementation is in C, but at least allow to build libpod. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: do not join namespace if it has already euid == 0Giuseppe Scrivano2019-07-01
| | | | | | | | | do not attempt to join the rootless namespace if it is running already with euid == 0. Closes: https://github.com/containers/libpod/issues/3463 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3397 from giuseppe/fix-rebootOpenShift Merge Robot2019-06-28
|\ | | | | rootless: enable linger if /run/user/UID not exists
| * rootless: enable linger if /run/user/UID not existsGiuseppe Scrivano2019-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | at least on Fedora 30 it creates the /run/user/UID directory for the user logged in via ssh. This needs to be done very early so that every other check when we create the default configuration file will point to the correct location. Closes: https://github.com/containers/libpod/issues/3410 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Exclude SIGTERM from blocked signals for pause process.Danila Kiver2019-06-28
|/ | | | | | | | | | | | Currently pause process blocks all signals which may cause its termination, including SIGTERM. This behavior hangs init(1) during system shutdown, until pause process gets SIGKILLed after some grace period. To avoid this hanging, SIGTERM is excluded from list of blocked signals. Fixes #3440 Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
* Build cgo files with -Wall -WerrorSascha Grunert2019-06-21
| | | | | | | | To avoid unnecessary warnings and errors in the future I'd like to propose building all cgo related sources with `-Wall -Werror`. This commit fixes some warnings which came up in `shm_lock.c`, too. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Merge pull request #3379 from openSUSE/rootless-fixOpenShift Merge Robot2019-06-21
|\ | | | | Fix format specifiers in rootless_linux.c
| * Fix format specifiers in rootless_linux.cSascha Grunert2019-06-20
| | | | | | | | | | | | | | Format `%d` expects argument of type `int`, but the argument has a type of `long int`. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #3380 from openSUSE/asprintf-fixOpenShift Merge Robot2019-06-20
|\ \ | | | | | | Handle possible asprintf failure in rootless_linux.c
| * | Handle possible asprintf failure in rootless_linux.cSascha Grunert2019-06-20
| |/ | | | | | | | | | | If `asprintf` fails we early exit now. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* / Fix execvp uage in rootless_linux.cSascha Grunert2019-06-20
|/ | | | | | | The second argument of `execlp` should be of type `char *`, so we need to add an additional argument there. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Fix cgo includes for muslCameron Nemo2019-06-08
| | | | | | closes #3284 Signed-off-by: Cameron Nemo <cnemo@tutanota.com>
* rootless: skip NS_GET_PARENT on old kernelsGiuseppe Scrivano2019-06-06
| | | | | | | | | | | | on old kernels the ioctl NS_GET_PARENT is not available. Handle the error code and immediately return the same fd. It should be fine now that we use the namespace resolution using the conmon pid, so the namespace parent resolution is just a safety measure. Closes: https://github.com/containers/libpod/issues/2968 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: block signals on re-execGiuseppe Scrivano2019-06-03
| | | | | | | | | | | | | we are allowed to use only signal safe functions between a fork of a multithreaded application and the next execve. Since setenv(3) is not signal safe, block signals. We are already doing it for creating a new namespace. This is mostly a cleanup since reexec_in_user_namespace_wait is used only only to join existing namespaces when we have not a pause.pid file. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use TEMP_FAILURE_RETRY macroGiuseppe Scrivano2019-05-31
| | | | | | avoid checking for EINTR for every syscall that could block. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fix return typeGiuseppe Scrivano2019-05-31
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: make sure the buffer is NUL terminatedGiuseppe Scrivano2019-05-31
| | | | | | | after we read from the pause PID file, NUL terminate the buffer to avoid reading garbage from the stack. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: make JoinUserAndMountNS privateGiuseppe Scrivano2019-05-25
| | | | | | as it is used only by the rootless package now. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: enable loginctl lingerGiuseppe Scrivano2019-05-25
| | | | | | | otherwise the processes we leave around will be killed once the session terminates. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: new function to join existing conmon processesGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | move the logic for joining existing namespaces down to the rootless package. In main_local we still retrieve the list of conmon pid files and use it from the rootless package. In addition, create a temporary user namespace for reading these files, as the unprivileged user might not have enough privileges for reading the conmon pid file, for example when running with a different uidmap and root in the container is different than the rootless user. Closes: https://github.com/containers/libpod/issues/3187 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: block signals for pauseGiuseppe Scrivano2019-05-25
| | | | | | | block signals for the pause process, so it can't be killed by mistake. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: store also the original GID in the hostGiuseppe Scrivano2019-05-23
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: join namespace immediately when possibleGiuseppe Scrivano2019-05-17
| | | | | | | | | | | add a shortcut for joining immediately the namespace so we don't need to re-exec Podman. With the pause process simplificaton, we can now attempt to join the namespaces as soon as Podman starts (and before the Go runtime kicks in), so that we don't need to re-exec and use just one process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use a pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | use a pause process to keep the user and mount namespace alive. The pause process is created immediately on reload, and all successive Podman processes will refer to it for joining the user&mount namespace. This solves all the race conditions we had on joining the correct namespaces using the conmon processes. As a fallback if the join fails for any reason (e.g. the pause process was killed), then we try to join the running containers as we were doing before. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: not close more FDs than neededGiuseppe Scrivano2019-04-18
| | | | | | | | | | | | we were previously closing as many FDs as they were open when we first started Podman in the range (3-MAX-FD). This would cause issues if there were empty intervals, as these FDs are later on used by the Golang runtime. Store exactly what FDs were first open in a fd_set, so that we can close exactly the FDs that were open at startup. Closes: https://github.com/containers/libpod/issues/2964 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Revert "rootless: set controlling terminal for podman in the userns"Giuseppe Scrivano2019-04-14
| | | | | | | | This reverts commit 531514e8231e7f42efb7e7992d62e516f9577363. Closes: https://github.com/containers/libpod/issues/2926 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: do not block SIGTSTPGiuseppe Scrivano2019-04-12
| | | | | | | | | we were previously proxying all the signals, but doing that for SIGTSTP prevented the main process to be stopped by the tty. Closes: https://github.com/containers/libpod/issues/2775 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: set controlling terminal for podman in the usernsGiuseppe Scrivano2019-04-12
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: remove SkipStorageSetup()Giuseppe Scrivano2019-04-01
| | | | | | | | in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: change env prefixGiuseppe Scrivano2019-03-28
| | | | | | | | | | from _LIBPOD to _CONTAINERS. The same change was done in buildah unshare. This is necessary for podman to detect we are running in a rootless environment and work properly from a "buildah unshare" session. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use Geteuid instead of GetuidGiuseppe Scrivano2019-03-15
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add gating tasksbaude2019-03-13
| | | | | | | | | | | to protect against regressions, we need to add a few gating tasks: * build with varlink * build podman-remote * build podman-remote-darwin we already have a gating task for building without varlink Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2583 from giuseppe/rootless-fix-pod-rmOpenShift Merge Robot2019-03-11
|\ | | | | rootless: fix stop and rm when the container is running with uid != 0
| * rootless: support a custom arg to the new processGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | let the process running as euid != 0 pass down an argument to the process running in the user namespace. This will be useful for commands like rm -a that needs to join different namespaces, so that we can re-exec separately for each of them. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | rootless: allow single mappingsGiuseppe Scrivano2019-03-11
|/ | | | | | | | | | | | | | | | | | | | | | we were playing safe and not allowed any container to have less than 65536 mappings. There are a couple of reasons to change it: - it blocked libpod to work in an environment where newuidmap/newgidmap are not available, or not configured. - not allowed to use different partitions of subuids, where each user has less than 65536 ids available. Hopefully this change in containers/storage: https://github.com/containers/storage/pull/303 will make error clearers if there are not enough IDs for the image that is being used. Closes: https://github.com/containers/libpod/issues/1651 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: propagate errors from infoGiuseppe Scrivano2019-03-08
| | | | | | | | | we use "podman info" to reconfigure the runtime after a reboot, but we don't propagate the error message back if something goes wrong. Closes: https://github.com/containers/libpod/issues/2584 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2543 from giuseppe/fix-rootless-s390x-crisOpenShift Merge Robot2019-03-06
|\ | | | | rootless: fix clone syscall on s390 and cris archs
| * rootless: fix clone syscall on s390 and cris archsGiuseppe Scrivano2019-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from the clone man page: On the cris and s390 architectures, the order of the first two arguments is reversed: long clone(void *child_stack, unsigned long flags, int *ptid, int *ctid, unsigned long newtls); Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1672714 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | exec: support --preserve-fdsGiuseppe Scrivano2019-03-02
|/ | | | | | | | Allow to pass additional FDs to the process being executed. Closes: https://github.com/containers/libpod/issues/2372 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless, new[ug]idmap: on failure add outputGiuseppe Scrivano2019-02-28
| | | | | | | if any of the mapping tools for setting up the user namespace fail, then include their output in the error message. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: force same cwd when re-execingGiuseppe Scrivano2019-02-22
| | | | | | | | | | when joining an existing namespace, we were not maintaining the current working directory, causing commands like export -o to fail when they weren't referring to absolute paths. Closes: https://github.com/containers/libpod/issues/2381 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Adjust LISTEN_PID for reexec in varlink modeHarald Hoyer2019-02-21
| | | | | | | | Because the varlink server honors the socket activation protocol, LISTEN_PID has to be adjusted with the new PID. https://varlink.org/FAQ.html#how-does-socket-activation-work Signed-off-by: Harald Hoyer <harald@redhat.com>
* Cleanup coverity scan issuesDaniel J Walsh2019-01-15
| | | | | | If realloc fails, then buffer will be leaked, this change frees up the buffer. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add darwin support for remote-clientbaude2019-01-11
| | | | | | | | Add the ability to cross-compile podman remote for OSX. Also, add image exists and tag to remote-client. Signed-off-by: baude <bbaude@redhat.com>
* rootless: add function to join user and mount namespaceGiuseppe Scrivano2018-12-21
| | | | | | | | | | Add the possibility to join directly the user and mount namespace without looking up the parent of the user namespace. We need this in order to be able the conmon process, as the mount namespace is kept alive only there. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: raise error if newuidmap/newgidmap are not installedGiuseppe Scrivano2018-12-03
| | | | | | | | | | it was reported on IRC that Podman on Ubuntu failed as newuidmap/newgidmap were not installed by default. Raise an error if we are not allowing single mappings (used only by the tests suite) and any of the binaries is not present. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: call IsRootless just onceGiuseppe Scrivano2018-11-14
| | | | | | | we are calling this function several times, it is worth to store its result and re-use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Better document rootless containersDaniel J Walsh2018-11-10
| | | | | | | | | Need to return an error pointing user in right direction if rootless podman fails, because of no /etc/subuid or /etc/subgid files. Also fix up man pages to better describe rootless podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rootless: detect when user namespaces are not enabledGiuseppe Scrivano2018-10-11
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>