opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 03:19:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

exec: support --preserve-fds

Browse Source 
Allow to pass additional FDs to the process being executed.

Closes: https://github.com/containers/libpod/issues/2372

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2019-02-25 11:44:06 +01:00
parent 9adcda7389
commit 0b34327ad4
8 changed files with 57 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/rootless/rootless_linux.go
View File

@ -102,7 +102,7 @@ func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap)
// JoinNS re-exec podman in a new userNS and join the user namespace of the specified
// PID.
func JoinNS(pid uint) (bool, int, error) {
func JoinNS(pid uint, preserveFDs int) (bool, int, error) {
if os.Geteuid() == 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != "" {
return false, -1, nil
}
@ -117,6 +117,13 @@ func JoinNS(pid uint) (bool, int, error) {
if int(pidC) < 0 {
return false, -1, errors.Errorf("cannot re-exec process")
}
if preserveFDs > 0 {
for fd := 3; fd < 3+preserveFDs; fd++ {
// These fds were passed down to the runtime. Close them
// and not interfere
os.NewFile(uintptr(fd), fmt.Sprintf("fd-%d", fd)).Close()
}
}
ret := C.reexec_in_user_namespace_wait(pidC)
if ret < 0 {