rootless: add function to retrieve the original UID
After we re-exec in the userNS os.Getuid() returns the new UID (= 0) which is not what we want to use. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1048 Approved by: mheon
parent
e38272047f
commit
a1545fe6e4
|
@ -88,6 +88,9 @@ reexec_in_user_namespace(int ready)
|
|||
char b;
|
||||
pid_t ppid = getpid ();
|
||||
char **argv;
|
||||
char uid[16];
|
||||
|
||||
sprintf (uid, "%d", geteuid ());
|
||||
|
||||
pid = syscall_clone (CLONE_NEWUSER|SIGCHLD, NULL);
|
||||
if (pid)
|
||||
|
@ -96,6 +99,7 @@ reexec_in_user_namespace(int ready)
|
|||
argv = get_cmd_line_args (ppid);
|
||||
|
||||
setenv ("_LIBPOD_USERNS_CONFIGURED", "init", 1);
|
||||
setenv ("_LIBPOD_ROOTLESS_UID", uid, 1);
|
||||
|
||||
do
|
||||
ret = read (ready, &b, 1) < 0;
|
||||
|
@ -104,6 +108,10 @@ reexec_in_user_namespace(int ready)
|
|||
_exit (1);
|
||||
close (ready);
|
||||
|
||||
if (setresgid (0, 0, 0) < 0 ||
|
||||
setresuid (0, 0, 0) < 0)
|
||||
_exit (1);
|
||||
|
||||
execv (argv[0], argv);
|
||||
|
||||
_exit (1);
|
||||
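Review bot: `sprintf (uid, "%d", geteuid ())` in the first hunk prints an unsigned `uid_t` through a signed conversion with no length bound, so a UID above INT_MAX would be exported as a negative string, which the Go reader would then parse as a negative int. `snprintf (uid, sizeof (uid), "%u", (unsigned) geteuid ());` keeps the write inside the 16-byte buffer and the value non-negative. The result of `setenv ("_LIBPOD_ROOTLESS_UID", uid, 1)` in the second hunk is also ignored; if it fails, the re-exec'd process would presumably find no variable and report UID 0, so calling `_exit (1)` on failure, as the new setresgid/setresuid check does, would be consistent. The body of reexec_in_user_namespace starts and ends outside these hunks.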
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"os"
|
||||
gosignal "os/signal"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"syscall"
|
||||
|
||||
"github.com/containers/storage/pkg/idtools"
|
||||
|
@ -26,6 +27,16 @@ func IsRootless() bool {
|
|||
return os.Getuid() != 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != ""
|
||||
}
|
||||
|
||||
// GetRootlessUID returns the UID of the user in the parent userNS
|
||||
func GetRootlessUID() int {
|
||||
uidEnv := os.Getenv("_LIBPOD_ROOTLESS_UID")
|
||||
if uidEnv != "" {
|
||||
u, _ := strconv.Atoi(uidEnv)
|
||||
return u
|
||||
}
|
||||
return os.Getuid()
|
||||
}
|
||||
|
||||
// BecomeRootInUserNS re-exec podman in a new userNS
|
||||
func BecomeRootInUserNS() (bool, error) {
|
||||
|
||||
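Review bot: `GetRootlessUID` drops the `strconv.Atoi` error, so a non-numeric `_LIBPOD_ROOTLESS_UID` makes it return 0, which is root's UID and the value this helper exists to avoid reporting. Falling through to `os.Getuid()` on a parse failure is safer: `if u, err := strconv.Atoi(uidEnv); err == nil { return u }`. The variable is also honoured whenever it is present in the environment, not only after the re-exec has set it, so it is caller-controlled input. If callers derive per-user paths or ownership from this value (not visible here), the doc comment should say so, e.g. `// The value is read from _LIBPOD_ROOTLESS_UID when set and is not checked against the real parent UID.`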
|
|