From d9ff0fd15da268fae9744a60522ecdf94744b74a Mon Sep 17 00:00:00 2001 From: Ashley Cui Date: Fri, 24 Jun 2022 10:22:25 -0400 Subject: Only allow Rootless runs of Podman Machine Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui --- cmd/podman/machine/init.go | 1 + cmd/podman/machine/inspect.go | 1 + cmd/podman/machine/list.go | 1 + cmd/podman/machine/machine.go | 9 +++++++++ cmd/podman/machine/rm.go | 1 + cmd/podman/machine/set.go | 1 + cmd/podman/machine/ssh.go | 9 +++++---- cmd/podman/machine/start.go | 1 + cmd/podman/machine/stop.go | 1 + 9 files changed, 21 insertions(+), 4 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go index 612c36057..f84201d82 100644 --- a/cmd/podman/machine/init.go +++ b/cmd/podman/machine/init.go @@ -20,6 +20,7 @@ var ( Use: "init [options] [NAME]", Short: "Initialize a virtual machine", Long: "initialize a virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: initMachine, Args: cobra.MaximumNArgs(1), Example: `podman machine init myvm`, diff --git a/cmd/podman/machine/inspect.go b/cmd/podman/machine/inspect.go index 4600a2b6d..d69c382f2 100644 --- a/cmd/podman/machine/inspect.go +++ b/cmd/podman/machine/inspect.go @@ -20,6 +20,7 @@ var ( Use: "inspect [options] [MACHINE...]", Short: "Inspect an existing machine", Long: "Provide details on a managed virtual machine", + PersistentPreRunE: rootlessOnly, RunE: inspect, Example: `podman machine inspect myvm`, ValidArgsFunction: autocompleteMachine, diff --git a/cmd/podman/machine/list.go b/cmd/podman/machine/list.go index bb14d4a67..a1c4a9b06 100644 --- a/cmd/podman/machine/list.go +++ b/cmd/podman/machine/list.go @@ -27,6 +27,7 @@ var ( Aliases: []string{"ls"}, Short: "List machines", Long: "List managed virtual machines.", + PersistentPreRunE: rootlessOnly, RunE: list, Args: validate.NoArgs, ValidArgsFunction: completion.AutocompleteNone, diff --git a/cmd/podman/machine/machine.go b/cmd/podman/machine/machine.go index 5a8a06b9d..d3d44b45e 100644 --- a/cmd/podman/machine/machine.go +++ b/cmd/podman/machine/machine.go @@ -5,6 +5,7 @@ package machine import ( "errors" + "fmt" "net" "os" "path/filepath" @@ -17,6 +18,7 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/pkg/machine" + "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/pkg/util" "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -162,3 +164,10 @@ func closeMachineEvents(cmd *cobra.Command, _ []string) error { } return nil } + +func rootlessOnly(cmd *cobra.Command, args []string) error { + if !rootless.IsRootless() { + return fmt.Errorf("cannot run command %q as root", cmd.CommandPath()) + } + return nil +} diff --git a/cmd/podman/machine/rm.go b/cmd/podman/machine/rm.go index a6e66265c..362c9a7d3 100644 --- a/cmd/podman/machine/rm.go +++ b/cmd/podman/machine/rm.go @@ -20,6 +20,7 @@ var ( Use: "rm [options] [MACHINE]", Short: "Remove an existing machine", Long: "Remove a managed virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: rm, Args: cobra.MaximumNArgs(1), Example: `podman machine rm myvm`, diff --git a/cmd/podman/machine/set.go b/cmd/podman/machine/set.go index 5777882da..1b9e1b2bd 100644 --- a/cmd/podman/machine/set.go +++ b/cmd/podman/machine/set.go @@ -18,6 +18,7 @@ var ( Use: "set [options] [NAME]", Short: "Sets a virtual machine setting", Long: "Sets an updatable virtual machine setting", + PersistentPreRunE: rootlessOnly, RunE: setMachine, Args: cobra.MaximumNArgs(1), Example: `podman machine set --rootful=false`, diff --git a/cmd/podman/machine/ssh.go b/cmd/podman/machine/ssh.go index 8261f3607..38b8914fb 100644 --- a/cmd/podman/machine/ssh.go +++ b/cmd/podman/machine/ssh.go @@ -17,10 +17,11 @@ import ( var ( sshCmd = &cobra.Command{ - Use: "ssh [options] [NAME] [COMMAND [ARG ...]]", - Short: "SSH into an existing machine", - Long: "SSH into a managed virtual machine ", - RunE: ssh, + Use: "ssh [options] [NAME] [COMMAND [ARG ...]]", + Short: "SSH into an existing machine", + Long: "SSH into a managed virtual machine ", + PersistentPreRunE: rootlessOnly, + RunE: ssh, Example: `podman machine ssh myvm podman machine ssh myvm echo hello`, ValidArgsFunction: autocompleteMachineSSH, diff --git a/cmd/podman/machine/start.go b/cmd/podman/machine/start.go index 3bd7f4a25..e645bba87 100644 --- a/cmd/podman/machine/start.go +++ b/cmd/podman/machine/start.go @@ -18,6 +18,7 @@ var ( Use: "start [MACHINE]", Short: "Start an existing machine", Long: "Start a managed virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: start, Args: cobra.MaximumNArgs(1), Example: `podman machine start myvm`, diff --git a/cmd/podman/machine/stop.go b/cmd/podman/machine/stop.go index 993662792..ce87a44c4 100644 --- a/cmd/podman/machine/stop.go +++ b/cmd/podman/machine/stop.go @@ -17,6 +17,7 @@ var ( Use: "stop [MACHINE]", Short: "Stop an existing machine", Long: "Stop a managed virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: stop, Args: cobra.MaximumNArgs(1), Example: `podman machine stop myvm`, -- cgit v1.2.3-54-g00ecf