mirror of
https://github.com/containers/podman.git
synced 2025-05-19 16:18:51 +08:00
rootless: do not enable lingering mode
do not automatically enable lingering mode. Closes: https://github.com/containers/libpod/issues/4224 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
@ -14,7 +14,6 @@ import (
|
||||
"strings"
|
||||
"sync"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/BurntSushi/toml"
|
||||
is "github.com/containers/image/v4/storage"
|
||||
@ -353,10 +352,6 @@ func defaultRuntimeConfig() (RuntimeConfig, error) {
|
||||
// SetXdgDirs ensures the XDG_RUNTIME_DIR env and XDG_CONFIG_HOME variables are set.
|
||||
// containers/image uses XDG_RUNTIME_DIR to locate the auth file, XDG_CONFIG_HOME is
|
||||
// use for the libpod.conf configuration file.
|
||||
// SetXdgDirs internally calls EnableLinger() so that the user's processes are not
|
||||
// killed once the session is terminated. EnableLinger() also attempts to
|
||||
// get the runtime directory when XDG_RUNTIME_DIR is not specified.
|
||||
// This function should only be called when running rootless.
|
||||
func SetXdgDirs() error {
|
||||
if !rootless.IsRootless() {
|
||||
return nil
|
||||
@ -365,21 +360,6 @@ func SetXdgDirs() error {
|
||||
// Setup XDG_RUNTIME_DIR
|
||||
runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
|
||||
|
||||
runtimeDirLinger, err := rootless.EnableLinger()
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "error enabling user session")
|
||||
}
|
||||
if runtimeDir == "" && runtimeDirLinger != "" {
|
||||
if _, err := os.Stat(runtimeDirLinger); err != nil && os.IsNotExist(err) {
|
||||
chWait := make(chan error)
|
||||
defer close(chWait)
|
||||
if _, err := WaitForFile(runtimeDirLinger, chWait, time.Second*10); err != nil {
|
||||
return errors.Wrapf(err, "waiting for directory '%s'", runtimeDirLinger)
|
||||
}
|
||||
}
|
||||
runtimeDir = runtimeDirLinger
|
||||
}
|
||||
|
||||
if runtimeDir == "" {
|
||||
var err error
|
||||
runtimeDir, err = util.GetRuntimeDir()
|
||||
@ -400,10 +380,11 @@ func SetXdgDirs() error {
|
||||
|
||||
// Setup XDG_CONFIG_HOME
|
||||
if cfgHomeDir := os.Getenv("XDG_CONFIG_HOME"); cfgHomeDir == "" {
|
||||
if cfgHomeDir, err = util.GetRootlessConfigHomeDir(); err != nil {
|
||||
cfgHomeDir, err := util.GetRootlessConfigHomeDir()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err = os.Setenv("XDG_CONFIG_HOME", cfgHomeDir); err != nil {
|
||||
if err := os.Setenv("XDG_CONFIG_HOME", cfgHomeDir); err != nil {
|
||||
return errors.Wrapf(err, "cannot set XDG_CONFIG_HOME")
|
||||
}
|
||||
}
|
||||
|
||||
@ -11,16 +11,13 @@ import (
|
||||
"os/exec"
|
||||
gosignal "os/signal"
|
||||
"os/user"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"unsafe"
|
||||
|
||||
"github.com/containers/libpod/pkg/errorhandling"
|
||||
"github.com/containers/storage/pkg/idtools"
|
||||
"github.com/godbus/dbus"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/sys/unix"
|
||||
@ -212,92 +209,6 @@ func getUserNSFirstChild(fd uintptr) (*os.File, error) {
|
||||
}
|
||||
}
|
||||
|
||||
// EnableLinger configures the system to not kill the user processes once the session
|
||||
// terminates
|
||||
func EnableLinger() (string, error) {
|
||||
uid := fmt.Sprintf("%d", GetRootlessUID())
|
||||
|
||||
conn, err := dbus.SystemBus()
|
||||
if err == nil {
|
||||
defer func() {
|
||||
if err := conn.Close(); err != nil {
|
||||
logrus.Errorf("unable to close dbus connection: %q", err)
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
lingerEnabled := false
|
||||
|
||||
// If we have a D-BUS connection, attempt to read the LINGER property from it.
|
||||
if conn != nil {
|
||||
path := dbus.ObjectPath(fmt.Sprintf("/org/freedesktop/login1/user/_%s", uid))
|
||||
ret, err := conn.Object("org.freedesktop.login1", path).GetProperty("org.freedesktop.login1.User.Linger")
|
||||
if err == nil && ret.Value().(bool) {
|
||||
lingerEnabled = true
|
||||
}
|
||||
}
|
||||
|
||||
xdgRuntimeDir := os.Getenv("XDG_RUNTIME_DIR")
|
||||
lingerFile := ""
|
||||
if xdgRuntimeDir != "" && !lingerEnabled {
|
||||
lingerFile = filepath.Join(xdgRuntimeDir, "libpod/linger")
|
||||
_, err := os.Stat(lingerFile)
|
||||
if err == nil {
|
||||
lingerEnabled = true
|
||||
}
|
||||
}
|
||||
|
||||
if !lingerEnabled {
|
||||
// First attempt with D-BUS, if it fails, then attempt with "loginctl enable-linger"
|
||||
if conn != nil {
|
||||
o := conn.Object("org.freedesktop.login1", "/org/freedesktop/login1")
|
||||
ret := o.Call("org.freedesktop.login1.Manager.SetUserLinger", 0, uint32(GetRootlessUID()), true, true)
|
||||
if ret.Err == nil {
|
||||
lingerEnabled = true
|
||||
}
|
||||
}
|
||||
if !lingerEnabled {
|
||||
err := exec.Command("loginctl", "enable-linger", uid).Run()
|
||||
if err == nil {
|
||||
lingerEnabled = true
|
||||
} else {
|
||||
logrus.Debugf("cannot run `loginctl enable-linger` for the current user: %v", err)
|
||||
}
|
||||
}
|
||||
if lingerEnabled && lingerFile != "" {
|
||||
f, err := os.Create(lingerFile)
|
||||
if err == nil {
|
||||
if err := f.Close(); err != nil {
|
||||
logrus.Errorf("failed to close %s", f.Name())
|
||||
}
|
||||
} else {
|
||||
logrus.Debugf("could not create linger file: %v", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !lingerEnabled {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// If we have a D-BUS connection, attempt to read the RUNTIME PATH from it.
|
||||
if conn != nil {
|
||||
path := dbus.ObjectPath(fmt.Sprintf("/org/freedesktop/login1/user/_%s", uid))
|
||||
ret, err := conn.Object("org.freedesktop.login1", path).GetProperty("org.freedesktop.login1.User.RuntimePath")
|
||||
if err == nil {
|
||||
return strings.Trim(ret.String(), "\"\n"), nil
|
||||
}
|
||||
}
|
||||
|
||||
// If XDG_RUNTIME_DIR is not set and the D-BUS call didn't work, try to get the runtime path with "loginctl"
|
||||
output, err := exec.Command("loginctl", "-pRuntimePath", "show-user", uid).Output()
|
||||
if err != nil {
|
||||
logrus.Debugf("could not get RuntimePath using loginctl: %v", err)
|
||||
return "", nil
|
||||
}
|
||||
return strings.Trim(strings.Replace(string(output), "RuntimePath=", "", -1), "\"\n"), nil
|
||||
}
|
||||
|
||||
// joinUserAndMountNS re-exec podman in a new userNS and join the user and mount
|
||||
// namespace of the specified PID without looking up its parent. Useful to join directly
|
||||
// the conmon process.
|
||||
|
||||
@ -37,12 +37,6 @@ func GetRootlessGID() int {
|
||||
return -1
|
||||
}
|
||||
|
||||
// EnableLinger configures the system to not kill the user processes once the session
|
||||
// terminates
|
||||
func EnableLinger() (string, error) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// TryJoinFromFilePaths attempts to join the namespaces of the pid files in paths.
|
||||
// This is useful when there are already running containers and we
|
||||
// don't have a pause process yet. We can use the paths to the conmon
|
||||
|
||||
Reference in New Issue
Block a user