containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

create, rootless: join the userns of container:CONTAINER 

so that we can also join the requested namespace.

Closes: https://github.com/containers/libpod/issues/1453

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1507
Approved by: rhatdan
This commit is contained in:
Giuseppe Scrivano 2018-09-19 10:12:36 +02:00 committed by Atomic Bot
parent 8b9b493b53
commit 1c73404fe1
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
cmd/podman/create.go
View File

@ -802,6 +802,11 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
return config, nil
}
type namespace interface {
IsContainer() bool
Container() string
}
func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *libpod.Runtime) (bool, int, error) {
if os.Geteuid() == 0 {
return false, 0, nil
@ -833,5 +838,19 @@ func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *l
}
}
namespaces := []namespace{createConfig.IpcMode, createConfig.NetMode, createConfig.UsernsMode, createConfig.PidMode, createConfig.UtsMode}
for _, i := range namespaces {
if i.IsContainer() {
ctr, err := runtime.LookupContainer(i.Container())
if err != nil {
return false, -1, err
}
pid, err := ctr.PID()
if err != nil {
return false, -1, err
}
return rootless.JoinNS(uint(pid))
}
}
return rootless.BecomeRootInUserNS()
}