From d47a9a6c4d0fac435abb35c9c38b777d12e653fc Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 22 Feb 2019 11:14:10 +0100 Subject: cmd: support rootless mode for cp command Signed-off-by: Giuseppe Scrivano
---
cmd/podman/cp.go | 34 ++++++++++++++++++++++++++++++++++ cmd/podman/main.go | 1 + 2 files changed, 35 insertions(+) (limited to 'cmd/podman')
diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go
index 89114fda1..d9f230b67 100644
--- a/cmd/podman/cp.go
+++ b/cmd/podman/cp.go
@@ -1,8 +1,10 @@
 package main
 import (
+ "io/ioutil"
 "os"
 "path/filepath"
+ "strconv"
 "strings"
 "github.com/containers/buildah/util"
@@ -10,6 +12,7 @@ import (
 "github.com/containers/libpod/cmd/podman/libpodruntime"
 "github.com/containers/libpod/libpod"
 "github.com/containers/libpod/pkg/chrootuser"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/containers/storage"
 "github.com/containers/storage/pkg/archive"
 "github.com/containers/storage/pkg/chrootarchive"
@@ -48,6 +51,9 @@ func cpCmd(c *cliconfig.CpValues) error {
 if len(args) != 2 {
 return errors.Errorf("you must provide a source path and a destination path")
 }
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
 runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
 if err != nil {
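Review bot: The `os.Geteuid() != 0` guard added to cpCmd has no comment saying why storage setup is skipped for an unprivileged caller. Judging from the rest of this commit, the reason appears to be that the process re-executes inside a user namespace before the container is mounted, so a line such as `// rootless: storage is set up after the re-exec inside the user namespace` above the call would spare the next reader the search. The same euid test is repeated in copyBetweenHostAndContainer, and a shared named check would keep the two in step. cpCmd's body continues outside the hunk.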
@@ -76,6 +82,34 @@ func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest strin
 ctr = destCtr
 }
+ if os.Geteuid() != 0 {
+ s, err := ctr.State()
+ if err != nil {
+ return err
+ }
+ var became bool
+ var ret int
+ if s == libpod.ContainerStateRunning || s == libpod.ContainerStatePaused {
+ data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+ if err != nil {
+ return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ became, ret, err = rootless.JoinDirectUserAndMountNS(uint(conmonPid))
+ } else {
+ became, ret, err = rootless.BecomeRootInUserNS()
+ }
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+
 mountPoint, err := ctr.Mount()
 if err != nil {
 return err
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 990e55a8c..bb21f2f79 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -61,6 +61,7 @@ var cmdsNotRequiringRootless = map[*cobra.Command]bool{
 _versionCommand: true,
 _createCommand: true,
 _execCommand: true,
+ _cpCommand: true,
 _exportCommand: true,
 //// `info` must be executed in an user namespace.
 //// If this change, please also update libpod.refreshRootless()
--
cgit v1.2.3-54-g00ecf
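Review bot: In the rootless branch added to copyBetweenHostAndContainer (cmd/podman/cp.go), the value read from the conmon PID file goes through `strconv.Atoi(string(data))` and then `uint(conmonPid)` with no range check, so a zero or negative number in the file is converted and handed to `rootless.JoinDirectUserAndMountNS` instead of being rejected. A trailing newline in the file would also make Atoi fail; `strings` is already imported, so `conmonPid, err := strconv.Atoi(strings.TrimSpace(string(data)))` followed by `if conmonPid <= 0 { return errors.Errorf("invalid conmon PID %d", conmonPid) }` covers both. The PID is read after the container state check, so it may be stale if conmon has exited in between; whether the join helper verifies the target process is not visible here. A short comment before `os.Exit(ret)` stating that the copy was presumably carried out by the re-executed process would help, since the exit bypasses any deferred cleanup in the callers. The function body starts and ends outside the hunk.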