rootless: raise error if newuidmap/newgidmap are not installed

it was reported on IRC that Podman on Ubuntu failed as
newuidmap/newgidmap were not installed by default.

Raise an error if we are not allowing single mappings (used only by
the test suite) and any of the binaries is not present.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2018-12-03 12:14:52 +01:00
parent 41f250c486
commit 727b6a78ee
No known key found for this signature in database
GPG Key ID: E4730F97F60286ED
1 changed files with 20 additions and 6 deletions


@ -74,7 +74,7 @@ func GetRootlessUID() int {
func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) error { func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) error {
path, err := exec.LookPath(tool) path, err := exec.LookPath(tool)
if err != nil { if err != nil {
return err return errors.Wrapf(err, "cannot find %s", tool)
} }
appendTriplet := func(l []string, a, b, c int) []string { appendTriplet := func(l []string, a, b, c int) []string {
@ -92,7 +92,11 @@ func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap)
Path: path, Path: path,
Args: args, Args: args,
} }
return cmd.Run()
if err := cmd.Run(); err != nil {
return errors.Wrapf(err, "cannot setup namespace using %s", tool)
}
return nil
} }
// JoinNS re-exec podman in a new userNS and join the user namespace of the specified // JoinNS re-exec podman in a new userNS and join the user namespace of the specified
@ -191,11 +195,13 @@ func BecomeRootInUserNS() (bool, int, error) {
return false, -1, errors.Errorf("cannot re-exec process") return false, -1, errors.Errorf("cannot re-exec process")
} }
allowSingleIDMapping := os.Getenv("PODMAN_ALLOW_SINGLE_ID_MAPPING_IN_USERNS") != ""
var uids, gids []idtools.IDMap var uids, gids []idtools.IDMap
username := os.Getenv("USER") username := os.Getenv("USER")
if username == "" { if username == "" {
user, err := user.LookupId(fmt.Sprintf("%d", os.Getuid())) user, err := user.LookupId(fmt.Sprintf("%d", os.Getuid()))
if err != nil && os.Getenv("PODMAN_ALLOW_SINGLE_ID_MAPPING_IN_USERNS") == "" { if err != nil && !allowSingleIDMapping {
if os.IsNotExist(err) { if os.IsNotExist(err) {
return false, 0, errors.Wrapf(err, "/etc/subuid or /etc/subgid does not exist, see subuid/subgid man pages for information on these files") return false, 0, errors.Wrapf(err, "/etc/subuid or /etc/subgid does not exist, see subuid/subgid man pages for information on these files")
} }
@ -206,7 +212,7 @@ func BecomeRootInUserNS() (bool, int, error) {
} }
} }
mappings, err := idtools.NewIDMappings(username, username) mappings, err := idtools.NewIDMappings(username, username)
if os.Getenv("PODMAN_ALLOW_SINGLE_ID_MAPPING_IN_USERNS") == "" { if !allowSingleIDMapping {
if err != nil { if err != nil {
return false, -1, err return false, -1, err
} }
@ -236,7 +242,11 @@ func BecomeRootInUserNS() (bool, int, error) {
uidsMapped := false uidsMapped := false
if mappings != nil && uids != nil { if mappings != nil && uids != nil {
uidsMapped = tryMappingTool("newuidmap", pid, os.Getuid(), uids) == nil err := tryMappingTool("newuidmap", pid, os.Getuid(), uids)
if !allowSingleIDMapping && err != nil {
return false, 0, err
}
uidsMapped = err == nil
} }
if !uidsMapped { if !uidsMapped {
setgroups := fmt.Sprintf("/proc/%d/setgroups", pid) setgroups := fmt.Sprintf("/proc/%d/setgroups", pid)
@ -254,7 +264,11 @@ func BecomeRootInUserNS() (bool, int, error) {
gidsMapped := false gidsMapped := false
if mappings != nil && gids != nil { if mappings != nil && gids != nil {
gidsMapped = tryMappingTool("newgidmap", pid, os.Getgid(), gids) == nil err := tryMappingTool("newgidmap", pid, os.Getgid(), gids)
if !allowSingleIDMapping && err != nil {
return false, 0, err
}
gidsMapped = err == nil
} }
if !gidsMapped { if !gidsMapped {
gidMap := fmt.Sprintf("/proc/%d/gid_map", pid) gidMap := fmt.Sprintf("/proc/%d/gid_map", pid)
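Review bot: The new early returns at `return false, 0, err` after the tryMappingTool calls (the newuidmap hunk, and identically the newgidmap hunk) leave the re-exec'd child identified by pid behind; that process is presumably created before these hunks and blocked waiting for its ID mappings, so unless a deferred cleanup or the caller kills and reaps it on this error path, a failed mapping now strands a stopped process — confirm against the part of BecomeRootInUserNS that creates pid. The second return value is also inconsistent across error paths: the visible earlier returns use `-1` (`return false, -1, errors.Errorf("cannot re-exec process")`, `return false, -1, err`) while the new ones use `0`; I would write `return false, -1, err` in both new blocks and add a comment on the function stating what the int means when err is non-nil. The "cannot find %s" wrap in tryMappingTool says what is missing but not how to fix it; since the commit message targets Ubuntu installs, mentioning the package that provides newuidmap/newgidmap (uidmap on Debian/Ubuntu) in that message would make the failure actionable for the user it is aimed at. BecomeRootInUserNS starts and ends outside these hunks.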