From 1074a02ff85bb9f1d0db3e4468b067a6516b1521 Mon Sep 17 00:00:00 2001 From: Brent Baude Date: Fri, 8 May 2020 13:09:11 -0500 Subject: v2 podman unshare command add unshare command add cp and init to container sub-command allow mount to run as rootless Signed-off-by: Brent Baude --- cmd/podman/containers/cp.go | 26 ++++++++++++++++++++-- cmd/podman/containers/init.go | 33 +++++++++++++++++++++++++--- cmd/podman/containers/mount.go | 3 --- cmd/podman/system/unshare.go | 50 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 104 insertions(+), 8 deletions(-) create mode 100644 cmd/podman/system/unshare.go (limited to 'cmd') diff --git a/cmd/podman/containers/cp.go b/cmd/podman/containers/cp.go index f0f9a158d..ac7037621 100644 --- a/cmd/podman/containers/cp.go +++ b/cmd/podman/containers/cp.go @@ -7,6 +7,7 @@ import ( "github.com/containers/libpod/pkg/rootless" "github.com/sirupsen/logrus" "github.com/spf13/cobra" + "github.com/spf13/pflag" ) var ( @@ -22,20 +23,41 @@ var ( RunE: cp, Example: "podman cp [CONTAINER:]SRC_PATH [CONTAINER:]DEST_PATH", } + + containerCpCommand = &cobra.Command{ + Use: cpCommand.Use, + Short: cpCommand.Short, + Long: cpCommand.Long, + Args: cpCommand.Args, + RunE: cpCommand.RunE, + Example: "podman container cp [CONTAINER:]SRC_PATH [CONTAINER:]DEST_PATH", + } ) var ( cpOpts entities.ContainerCpOptions ) +func cpFlags(flags *pflag.FlagSet) { + flags.BoolVar(&cpOpts.Extract, "extract", false, "Extract the tar file into the destination directory.") + flags.BoolVar(&cpOpts.Pause, "pause", copyPause(), "Pause the container while copying") +} + func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ Mode: []entities.EngineMode{entities.ABIMode}, Command: cpCommand, }) flags := cpCommand.Flags() - flags.BoolVar(&cpOpts.Extract, "extract", false, "Extract the tar file into the destination directory.") - flags.BoolVar(&cpOpts.Pause, "pause", copyPause(), "Pause the container while copying") + cpFlags(flags) + + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: containerCpCommand, + Parent: containerCmd, + }) + containerCpFlags := containerCpCommand.Flags() + cpFlags(containerCpFlags) } func cp(cmd *cobra.Command, args []string) error { diff --git a/cmd/podman/containers/init.go b/cmd/podman/containers/init.go index bb02f22fd..417f170c3 100644 --- a/cmd/podman/containers/init.go +++ b/cmd/podman/containers/init.go @@ -8,6 +8,7 @@ import ( "github.com/containers/libpod/cmd/podman/utils" "github.com/containers/libpod/pkg/domain/entities" "github.com/spf13/cobra" + "github.com/spf13/pflag" ) var ( @@ -25,21 +26,47 @@ var ( podman init 3c45ef19d893 podman init test1`, } + + containerInitCommand = &cobra.Command{ + Use: initCommand.Use, + Short: initCommand.Short, + Long: initCommand.Long, + RunE: initCommand.RunE, + Args: initCommand.Args, + Example: `podman container init --latest + podman container init 3c45ef19d893 + podman container init test1`, + } ) var ( initOptions entities.ContainerInitOptions ) +func initFlags(flags *pflag.FlagSet) { + flags.BoolVarP(&initOptions.All, "all", "a", false, "Initialize all containers") + flags.BoolVarP(&initOptions.Latest, "latest", "l", false, "Act on the latest container podman is aware of") + if registry.IsRemote() { + _ = flags.MarkHidden("latest") + } +} + func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, Command: initCommand, }) flags := initCommand.Flags() - flags.BoolVarP(&initOptions.All, "all", "a", false, "Initialize all containers") - flags.BoolVarP(&initOptions.Latest, "latest", "l", false, "Act on the latest container podman is aware of") - _ = flags.MarkHidden("latest") + initFlags(flags) + + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, + Parent: containerCmd, + Command: containerInitCommand, + }) + + containerInitFlags := containerInitCommand.Flags() + initFlags(containerInitFlags) } func initContainer(cmd *cobra.Command, args []string) error { diff --git a/cmd/podman/containers/mount.go b/cmd/podman/containers/mount.go index 0bdac72cb..af4d52caa 100644 --- a/cmd/podman/containers/mount.go +++ b/cmd/podman/containers/mount.go @@ -30,9 +30,6 @@ var ( Args: func(cmd *cobra.Command, args []string) error { return parse.CheckAllLatestAndCIDFile(cmd, args, true, false) }, - Annotations: map[string]string{ - registry.ParentNSRequired: "", - }, } containerMountCommmand = &cobra.Command{ diff --git a/cmd/podman/system/unshare.go b/cmd/podman/system/unshare.go new file mode 100644 index 000000000..7db5d36d2 --- /dev/null +++ b/cmd/podman/system/unshare.go @@ -0,0 +1,50 @@ +package system + +import ( + "os" + + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/containers/libpod/pkg/rootless" + "github.com/pkg/errors" + "github.com/spf13/cobra" +) + +var ( + unshareDescription = "Runs a command in a modified user namespace." + unshareCommand = &cobra.Command{ + Use: "unshare [flags] [COMMAND [ARG]]", + Short: "Run a command in a modified user namespace", + Long: unshareDescription, + RunE: unshare, + Example: `podman unshare id + podman unshare cat /proc/self/uid_map, + podman unshare podman-script.sh`, + } +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: unshareCommand, + }) + flags := unshareCommand.Flags() + flags.SetInterspersed(false) +} + +func unshare(cmd *cobra.Command, args []string) error { + if isRootless := rootless.IsRootless(); !isRootless { + return errors.Errorf("please use unshare with rootless") + } + // exec the specified command, if there is one + if len(args) < 1 { + // try to exec the shell, if one's set + shell, shellSet := os.LookupEnv("SHELL") + if !shellSet { + return errors.Errorf("no command specified and no $SHELL specified") + } + args = []string{shell} + } + + return registry.ContainerEngine().Unshare(registry.Context(), args) +} -- cgit v1.2.3-54-g00ecf