From 5ff90677c83b78366554493e10f7615119f7e0a1 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Mon, 11 Jun 2018 16:03:34 +0200
Subject: rootless: add management for the userNS
When running podman as non root user always create an userNS and let the OCI runtime use it.
Signed-off-by: Giuseppe Scrivano
Closes: #936
Approved by: rhatdan
---
 cmd/podman/libpodruntime/runtime.go | 3 ++-
 cmd/podman/main.go | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
 (limited to 'cmd')
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 042ce87e5..abe0115e9 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -7,6 +7,7 @@ import (
 "github.com/containers/storage"
 "github.com/projectatomic/libpod/libpod"
+ "github.com/projectatomic/libpod/pkg/rootless"
 "github.com/urfave/cli"
 )
@@ -40,7 +41,7 @@ func GetRootlessStorageOpts() (storage.StoreOptions, error) {
 func GetDefaultStoreOptions() (storage.StoreOptions, error) {
 storageOpts := storage.DefaultStoreOptions
- if os.Getuid() != 0 {
+ if rootless.IsRootless() {
 var err error
 storageOpts, err = GetRootlessStorageOpts()
 if err != nil {
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index f936a332f..fefd8fdad 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -11,6 +11,7 @@ import (
 "github.com/pkg/errors"
 "github.com/projectatomic/libpod/pkg/hooks"
 _ "github.com/projectatomic/libpod/pkg/hooks/0.1.0"
+ "github.com/projectatomic/libpod/pkg/rootless"
 "github.com/projectatomic/libpod/version"
 "github.com/sirupsen/logrus"
 "github.com/urfave/cli"
@@ -26,6 +27,15 @@ func main() {
 debug := false
 cpuProfile := false
+ became, err := rootless.BecomeRootInUserNS()
+ if err != nil {
+ logrus.Errorf(err.Error())
+ os.Exit(1)
+ }
+ if became {
+ os.Exit(0)
+ }
+
 if reexec.Init() {
 return
 }
--
cgit v1.2.3-54-g00ecf
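Review bot: In `GetDefaultStoreOptions` (cmd/podman/libpodruntime/runtime.go, second hunk) the condition changes from `os.Getuid() != 0` to `rootless.IsRootless()` without a comment saying why the UID test is no longer sufficient. Presumably the process that continues inside the user namespace sees UID 0, so the old check would have selected the system-wide storage options there; `rootless.IsRootless` is not part of this patch, so that is an inference to confirm. I would add `// Not os.Getuid(): inside the rootless user namespace the process runs as UID 0.` above the `if`, and document on the helper how the rootless state is detected, because that signal now decides which storage options are used. The function body continues past the end of the hunk.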
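Review bot: In `main` (cmd/podman/main.go, last hunk) the `if became` branch calls `os.Exit(0)` unconditionally, so if `BecomeRootInUserNS` returns true only after the process it started in the user namespace has finished (its implementation is not shown in this patch), a failed command would still report success to callers and scripts that gate on the exit status. Consider having the helper also return that status and exiting with it instead of a fixed 0. Separately, `logrus.Errorf(err.Error())` uses the error text as the format string, so any `%` in the message is rendered as a bad verb; `logrus.Error(err)` or `logrus.Errorf("%v", err)` avoids that. The call also runs before `reexec.Init()` and before any flag handling, so it applies to every invocation; a one-line comment such as `// Must run first: everything below expects to be inside the user namespace when rootless.` would record that ordering requirement. `main` continues beyond the hunk.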