Merge pull request #25244 from giuseppe/mount-fix-segfault
images: fix segfault when mounting without cap_sys_admin
commit
24b686e70c
|
@ -35,6 +35,7 @@ import (
|
|||
"github.com/containers/podman/v5/pkg/specgenutil"
|
||||
"github.com/containers/podman/v5/pkg/util"
|
||||
"github.com/containers/storage"
|
||||
"github.com/containers/storage/pkg/unshare"
|
||||
"github.com/containers/storage/types"
|
||||
"github.com/hashicorp/go-multierror"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
@ -1361,7 +1362,11 @@ func (ic *ContainerEngine) ContainerInit(ctx context.Context, namesOrIds []strin
|
|||
}
|
||||
|
||||
func (ic *ContainerEngine) ContainerMount(ctx context.Context, nameOrIDs []string, options entities.ContainerMountOptions) ([]*entities.ContainerMountReport, error) {
|
||||
if os.Geteuid() != 0 {
|
||||
hasCapSysAdmin, err := unshare.HasCapSysAdmin()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if os.Geteuid() != 0 || !hasCapSysAdmin {
|
||||
if driver := ic.Libpod.StorageConfig().GraphDriverName; driver != "vfs" {
|
||||
// Do not allow to mount a graphdriver that is not vfs if we are creating the userns as part
|
||||
// of the mount command.
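Review bot: The error from `unshare.HasCapSysAdmin()` in ContainerMount is returned bare, so a failed capability probe reaches the user with no hint that it came from the mount path. Wrapping it, for example `return nil, fmt.Errorf("checking for CAP_SYS_ADMIN: %w", err)` (assuming `fmt` is already imported in this file), would make that failure diagnosable. The same probe, bare return and vfs driver check are added to ImageEngine.Mount in the second file, so the two preambles are now near-duplicates that a small shared helper would keep in step. ContainerMount's body continues past the end of this hunk, so the rest of the privileged path is not visible here.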
|
||||
|
|
|
@ -38,6 +38,7 @@ import (
|
|||
"github.com/containers/podman/v5/pkg/errorhandling"
|
||||
"github.com/containers/podman/v5/pkg/rootless"
|
||||
"github.com/containers/storage"
|
||||
"github.com/containers/storage/pkg/unshare"
|
||||
"github.com/containers/storage/types"
|
||||
"github.com/opencontainers/go-digest"
|
||||
imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
|
@ -157,6 +158,28 @@ func (ir *ImageEngine) Mount(ctx context.Context, nameOrIDs []string, opts entit
|
|||
listMountsOnly := false
|
||||
var images []*libimage.Image
|
||||
var err error
|
||||
|
||||
hasCapSysAdmin, err := unshare.HasCapSysAdmin()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if os.Geteuid() != 0 || !hasCapSysAdmin {
|
||||
if driver := ir.Libpod.StorageConfig().GraphDriverName; driver != "vfs" {
|
||||
// Do not allow to mount a graphdriver that is not vfs if we are creating the userns as part
|
||||
// of the mount command.
|
||||
return nil, fmt.Errorf("cannot mount using driver %s in rootless mode", driver)
|
||||
}
|
||||
|
||||
became, ret, err := rootless.BecomeRootInUserNS("")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if became {
|
||||
os.Exit(ret)
|
||||
}
|
||||
}
|
||||
|
||||
switch {
|
||||
case opts.All && len(nameOrIDs) > 0:
|
||||
return nil, errors.New("cannot mix --all with images")
|
||||
|
@ -178,22 +201,6 @@ func (ir *ImageEngine) Mount(ctx context.Context, nameOrIDs []string, opts entit
|
|||
}
|
||||
}
|
||||
|
||||
if os.Geteuid() != 0 {
|
||||
if driver := ir.Libpod.StorageConfig().GraphDriverName; driver != "vfs" {
|
||||
// Do not allow to mount a graphdriver that is not vfs if we are creating the userns as part
|
||||
// of the mount command.
|
||||
return nil, fmt.Errorf("cannot mount using driver %s in rootless mode", driver)
|
||||
}
|
||||
|
||||
became, ret, err := rootless.BecomeRootInUserNS("")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if became {
|
||||
os.Exit(ret)
|
||||
}
|
||||
}
|
||||
|
||||
mountReports := []*entities.ImageMountReport{}
|
||||
for _, i := range images {
|
||||
var mountPoint string
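Review bot: With the widened condition `os.Geteuid() != 0 || !hasCapSysAdmin` in Mount, a process that is uid 0 but lacks CAP_SYS_ADMIN and uses a non-vfs driver now gets `cannot mount using driver %s in rootless mode`, which misdescribes why the mount was refused. The message could name the real cause, for example `"cannot mount using driver %s in rootless mode or without CAP_SYS_ADMIN"`. The block also now runs before the `opts.All && len(nameOrIDs) > 0` argument check, so an invalid invocation can reach `rootless.BecomeRootInUserNS("")` before it is rejected. If that ordering is what the fix needs, a one-line comment above the block saying so would stop a later cleanup from moving it back. Whether `BecomeRootInUserNS` itself handles uid 0 without the capability is not visible in this section and is worth confirming.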
|
||||
|
|