From c276a13880c59054beda7ecfa04b36e4588570f8 Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Tue, 21 Aug 2018 12:01:28 -0400
Subject: Properly translate users into runc format for exec

Runc exec expects the --user flag to be formatted as UID:GID. Use chrootuser code to translate whatever user is passed to exec into this format.

Signed-off-by: Matthew Heon
Closes: #1315
Approved by: vrothberg
---
 libpod/container_api.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'libpod/container_api.go')
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 3e5b6ea53..56947eb3a 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -2,6 +2,7 @@ package libpod
 
 import (
 "context"
+ "fmt"
 "io/ioutil"
 "os"
 "strconv"
@@ -9,6 +10,7 @@ import (
 "time"
 
 "github.com/containers/libpod/libpod/driver"
+ "github.com/containers/libpod/pkg/chrootuser"
 "github.com/containers/libpod/pkg/inspect"
 "github.com/containers/storage/pkg/stringid"
 "github.com/docker/docker/daemon/caps"
@@ -298,6 +300,19 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
 capList = caps.GetAllCapabilities()
 }
 
+ // If user was set, look it up in the container to get a UID to use on
+ // the host
+ hostUser := ""
+ if user != "" {
+ uid, gid, err := chrootuser.GetUser(c.state.Mountpoint, user)
+ if err != nil {
+ return errors.Wrapf(err, "error getting user to launch exec session as")
+ }
+
+ // runc expects user formatted as uid:gid
+ hostUser = fmt.Sprintf("%d:%d", uid, gid)
+ }
+
 // Generate exec session ID
 // Ensure we don't conflict with an existing session ID
 sessionID := stringid.GenerateNonCryptoID()
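Review bot: The comment on the new block in Exec says the lookup yields "a UID to use on the host", yet the value is resolved via `chrootuser.GetUser(c.state.Mountpoint, user)` and passed to runc as `uid:gid`, so it looks like a container-side identity, not a host one; that distinction matters once user namespaces remap IDs, and I would reword it to `// Resolve user inside the container's rootfs; runc takes --user as uid:gid` and pick a name other than `hostUser`. The `Wrapf` message names neither the requested user nor the container, unlike the later error in this function; `return errors.Wrapf(err, "error resolving user %q for exec session in container %s", user, c.ID())` would make a failed lookup traceable. Because only the primary `uid:gid` pair is forwarded, any supplementary groups the named user holds inside the container presumably do not apply to the exec session, which is worth confirming against how the container's main process is started. Exec begins and ends outside this hunk, so whether the mountpoint is guaranteed to be populated at this point cannot be checked from here.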
@@ -318,7 +333,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
 
 logrus.Debugf("Creating new exec session in container %s with session id %s", c.ID(), sessionID)
 
- execCmd, err := c.runtime.ociRuntime.execContainer(c, cmd, capList, env, tty, user, sessionID)
+ execCmd, err := c.runtime.ociRuntime.execContainer(c, cmd, capList, env, tty, hostUser, sessionID)
 if err != nil {
 return errors.Wrapf(err, "error creating exec command for container %s", c.ID())
 }
-- cgit v1.2.3-54-g00ecf