rootless: add function to retrieve the original UID

After we re-exec in the userNS os.Getuid() returns the new UID (= 0) which is not what we want to use. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1048 Approved by: mheon
2024-10-21 09:45:32 +00:00 · 2018-07-05 12:03:01 +02:00 · 2018-07-05 12:03:01 +02:00 · a1545fe6e4
parent e38272047f
commit a1545fe6e4
2 changed files with 19 additions and 0 deletions
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@ -88,6 +88,9 @@ reexec_in_user_namespace(int ready)
  char b;
  pid_t ppid = getpid ();
  char **argv;
+  char uid[16];
+
+  sprintf (uid, "%d", geteuid ());

  pid = syscall_clone (CLONE_NEWUSER|SIGCHLD, NULL);
  if (pid)
@ -96,6 +99,7 @@ reexec_in_user_namespace(int ready)
  argv = get_cmd_line_args (ppid);

  setenv ("_LIBPOD_USERNS_CONFIGURED", "init", 1);
+  setenv ("_LIBPOD_ROOTLESS_UID", uid, 1);

  do
    ret = read (ready, &b, 1) < 0;
@ -104,6 +108,10 @@ reexec_in_user_namespace(int ready)
    _exit (1);
  close (ready);

+  if (setresgid (0, 0, 0) < 0 ||
+      setresuid (0, 0, 0) < 0)
+    _exit (1);
+
  execv (argv[0], argv);

  _exit (1);
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@ -8,6 +8,7 @@ import (
 	"os"
 	gosignal "os/signal"
 	"runtime"
+	"strconv"
 	"syscall"

 	"github.com/containers/storage/pkg/idtools"
@ -26,6 +27,16 @@ func IsRootless() bool {
 	return os.Getuid() != 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != ""
 }

+// GetRootlessUID returns the UID of the user in the parent userNS
+func GetRootlessUID() int {
+	uidEnv := os.Getenv("_LIBPOD_ROOTLESS_UID")
+	if uidEnv != "" {
+		u, _ := strconv.Atoi(uidEnv)
+		return u
+	}
+	return os.Getuid()
+}
+
 // BecomeRootInUserNS re-exec podman in a new userNS
 func BecomeRootInUserNS() (bool, error) {