rootless: attempt to join all specified paths

when there are multiple paths specified, attempt to join them all before returning an error. Previously we were failing on the first pid found. [NO NEW TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-06-17 14:16:21 +02:00 · 2022-06-17 14:16:21 +02:00 · ecf225019a
parent 9afd5e31c8
commit ecf225019a
2 changed files with 22 additions and 21 deletions
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@ -125,8 +125,14 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool)
 		paths = append(paths, ctr.Config().ConmonPidFile)
 	}

-	became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
-	utils.MovePauseProcessToScope(pausePidPath)
+	if len(paths) > 0 {
+		became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
+	} else {
+		became, ret, err = rootless.BecomeRootInUserNS(pausePidPath)
+		if err == nil {
+			utils.MovePauseProcessToScope(pausePidPath)
+		}
+	}
 	if err != nil {
 		logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate"))
 		os.Exit(1)
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@ -461,13 +461,8 @@ func BecomeRootInUserNS(pausePid string) (bool, int, error) {
 // different uidmap and the unprivileged user has no way to read the
 // file owned by the root in the container.
 func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error) {
-	if len(paths) == 0 {
-		return BecomeRootInUserNS(pausePidPath)
-	}
-
 	var lastErr error
 	var pausePid int
-	foundProcess := false

 	for _, path := range paths {
 		if !needNewNamespace {
@ -479,12 +474,9 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st

 			pausePid, err = strconv.Atoi(string(data))
 			if err != nil {
-				lastErr = errors.Wrapf(err, "cannot parse file %s", path)
+				lastErr = errors.Wrapf(err, "cannot parse file %q", path)
 				continue
 			}
-
-			lastErr = nil
-			break
 		} else {
 			r, w, err := os.Pipe()
 			if err != nil {
@ -511,26 +503,29 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st

 			n, err := r.Read(b)
 			if err != nil {
-				lastErr = errors.Wrapf(err, "cannot read %s\n", path)
+				lastErr = errors.Wrapf(err, "cannot read %q", path)
 				continue
 			}

 			pausePid, err = strconv.Atoi(string(b[:n]))
-			if err == nil && unix.Kill(pausePid, 0) == nil {
-				foundProcess = true
-				lastErr = nil
-				break
+			if err != nil {
+				lastErr = err
+				continue
 			}
 		}
-	}
-	if !foundProcess && pausePidPath != "" {
-		return BecomeRootInUserNS(pausePidPath)
+
+		if pausePid > 0 && unix.Kill(pausePid, 0) == nil {
+			joined, pid, err := joinUserAndMountNS(uint(pausePid), pausePidPath)
+			if err == nil {
+				return joined, pid, nil
+			}
+			lastErr = err
+		}
 	}
 	if lastErr != nil {
 		return false, 0, lastErr
 	}
-
-	return joinUserAndMountNS(uint(pausePid), pausePidPath)
+	return false, 0, errors.Wrapf(unix.ESRCH, "could not find any running process")
 }

 // ReadMappingsProc parses and returns the ID mappings at the specified path.