opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-13 17:47:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

If newuidmap or newgidmap fail, then check their permissions

Browse Source 
Often distributions to not have newuidmap and netgidmap configured
to be setuid. If Podman fails to setup the user namespace, check to
see if these files doe not have the proper protection and tell the user.

[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2022-04-08 10:51:39 -04:00
parent cdbc33112e
commit 2508913a0f
20 changed files with 133 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
vendor/github.com/containers/storage/drivers/chown_unix.go generated vendored
View File

@@ -84,7 +84,7 @@ func (c *platformChowner) LChown(path string, info os.FileInfo, toHost, toContai
}
if uid != int(st.Uid) || gid != int(st.Gid) {
cap, err := system.Lgetxattr(path, "security.capability")
if err != nil && !errors.Is(err, system.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
if err != nil && !errors.Is(err, system.EOPNOTSUPP) && !errors.Is(err, system.EOVERFLOW) && err != system.ErrNotSupportedPlatform {
return fmt.Errorf("%s: %v", os.Args[0], err)
}