podman/libpod
Giuseppe Scrivano 720eb85ba5 rootless: fix exec
We cannot re-exec into a new user namespace to gain privileges and
access an existing container, as the new namespace is not the owner of the
existing container.

"unshare" is used to join the user namespace of the target container.

The current implementation assumes that the main process of the
container didn't create a new user namespace.

Since in the setup phase we are not running with euid=0, we must skip
the setup for containers/storage.

Closes: https://github.com/containers/libpod/issues/1329

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1331
Approved by: rhatdan
2018-08-26 07:22:42 +00:00
common Change un/pwd handling to match Buildah's 2018-02-06 09:29:23 -05:00
driver switch projectatomic to containers 2018-08-16 17:12:36 +00:00
image switch projectatomic to containers 2018-08-16 17:12:36 +00:00
layers Initial checkin from CRI-O repo 2017-11-01 11:24:59 -04:00
testdata Add hooks support to podman 2018-04-05 14:13:49 +00:00
boltdb_state.go Make failure to retrieve individual ctrs/pods nonfatal 2018-08-17 19:10:21 +00:00
boltdb_state_internal.go Do not fetch pod and ctr State on retrieval in Bolt 2018-07-31 14:19:50 +00:00
boltdb_state_linux.go Do not fetch pod and ctr State on retrieval in Bolt 2018-07-31 14:19:50 +00:00
boltdb_state_unsupported.go Fix build on non-linux platforms 2018-07-31 14:19:50 +00:00
common_test.go Rework state testing to allow State structs to be empty 2018-07-31 14:19:50 +00:00
container.go Swap from FFJSON to easyjson 2018-08-24 19:19:43 +00:00
container_api.go Properly translate users into runc format for exec 2018-08-23 12:07:59 +00:00
container_attach.go switch projectatomic to containers 2018-08-16 17:12:36 +00:00
container_commit.go Vendor in latest projectatomic/buildah 2018-08-23 19:11:09 +00:00
container_easyjson.go Regenerate easyjson after rebase 2018-08-24 19:19:43 +00:00
container_graph.go Remove a loop in container graph 2018-03-29 02:18:45 +00:00
container_graph_test.go Fix tests 2018-03-29 02:18:45 +00:00
container_inspect.go Reveal information about container capabilities 2018-08-24 12:16:19 +00:00
container_internal.go Added option to share kernel namespaces in libpod and podman 2018-08-23 18:16:28 +00:00
container_internal_linux.go Fixing network ns segfault 2018-08-23 18:16:28 +00:00
container_internal_test.go Fix TestPostDeleteHooks on macOS 2018-07-19 16:12:49 +00:00
container_internal_unsupported.go Remove now-unneeded cleanupCgroup() for unsupported OS 2018-07-06 15:29:38 +00:00
container_linux.go Do not fetch pod and ctr State on retrieval in Bolt 2018-07-31 14:19:50 +00:00
container_top_linux.go vendor latest containers/psgo 2018-07-26 17:01:40 +00:00
container_top_unsupported.go podman-top: use containers/psgo 2018-07-19 20:47:52 +00:00
container_unsupported.go Do not fetch pod and ctr State on retrieval in Bolt 2018-07-31 14:19:50 +00:00
diff.go switch projectatomic to containers 2018-08-16 17:12:36 +00:00
errors.go Add namespaces and initial constraints to database 2018-07-24 16:12:31 -04:00
in_memory_state.go switch projectatomic to containers 2018-08-16 17:12:36 +00:00
info.go switch projectatomic to containers 2018-08-16 17:12:36 +00:00
networking_linux.go Fixed segfault in stats where container had netNS none or from container 2018-08-21 15:37:39 +00:00
networking_unsupported.go switch projectatomic to containers 2018-08-16 17:12:36 +00:00
oci.go rootless: fix exec 2018-08-26 07:22:42 +00:00
oci_linux.go switch projectatomic to containers 2018-08-16 17:12:36 +00:00
oci_unsupported.go Have info print conmon/oci runtime information 2018-08-07 14:16:26 +00:00
options.go Refactor error checking in With*NSFromPod options 2018-08-23 18:16:28 +00:00
pod.go Swap from FFJSON to easyjson 2018-08-24 19:19:43 +00:00
pod_api.go Fixing network ns segfault 2018-08-23 18:16:28 +00:00
pod_easyjson.go Regenerate easyjson after rebase 2018-08-24 19:19:43 +00:00
pod_internal.go Change pause container to infra container 2018-08-23 18:16:28 +00:00
pod_top_linux.go Add podman pod top 2018-08-23 15:01:17 +00:00
pod_top_unsupported.go Add podman pod top 2018-08-23 15:01:17 +00:00
runtime.go rootless: fix exec 2018-08-26 07:22:42 +00:00
runtime_ctr.go Fixing network ns segfault 2018-08-23 18:16:28 +00:00
runtime_img.go switch projectatomic to containers 2018-08-16 17:12:36 +00:00
runtime_img_test.go switch projectatomic to containers 2018-08-16 17:12:36 +00:00
runtime_pod.go Fixing network ns segfault 2018-08-23 18:16:28 +00:00
runtime_pod_infra_linux.go Fixing network ns segfault 2018-08-23 18:16:28 +00:00
runtime_pod_linux.go Fixing network ns segfault 2018-08-23 18:16:28 +00:00
runtime_pod_unsupported.go Added option to share kernel namespaces in libpod and podman 2018-08-23 18:16:28 +00:00
state.go Do not fetch pod and ctr State on retrieval in Bolt 2018-07-31 14:19:50 +00:00
state_test.go Rework state testing to allow State structs to be empty 2018-07-31 14:19:50 +00:00
stats.go Changed GetContainerStats to return ErrCtrStateInvalid 2018-08-23 15:58:08 +00:00
stats_config.go changes to allow for darwin compilation 2018-06-29 20:44:09 +00:00
stats_unsupported.go changes to allow for darwin compilation 2018-06-29 20:44:09 +00:00
storage.go Add --force to podman umount to force the unmounting of the rootfs 2018-08-01 17:53:30 +00:00
util.go Refactor error checking in With*NSFromPod options 2018-08-23 18:16:28 +00:00
util_linux.go Fix build on non-Linux OSes 2018-08-15 18:07:04 +00:00
util_test.go Stage3 Image Library 2018-03-14 20:21:31 +00:00
util_unsupported.go Fix build on non-Linux OSes 2018-08-15 18:07:04 +00:00
version.go switch projectatomic to containers 2018-08-16 17:12:36 +00:00