diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 7de50eaf10..67e478e739 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -193,7 +193,7 @@ func joinUserAndMountNS(pid uint, pausePid string) (bool, int, error) {
 }
 
 // GetConfiguredMappings returns the additional IDs configured for the current user.
-func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) {
+func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error) {
 var uids, gids []idtools.IDMap
 username := os.Getenv("USER")
 if username == "" {
@@ -211,7 +211,7 @@ func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) {
 mappings, err := idtools.NewIDMappings(username, username)
 if err != nil {
 logLevel := logrus.ErrorLevel
- if os.Geteuid() == 0 && GetRootlessUID() == 0 {
+ if quiet || (os.Geteuid() == 0 && GetRootlessUID() == 0) {
 logLevel = logrus.DebugLevel
 }
 logrus.StandardLogger().Logf(logLevel, "cannot find UID/GID for user %s: %v - check rootless mode in man pages.", username, err)
@@ -317,7 +317,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo
 return false, -1, fmt.Errorf("cannot re-exec process")
 }
 
- uids, gids, err := GetConfiguredMappings()
+ uids, gids, err := GetConfiguredMappings(false)
 if err != nil {
 return false, -1, err
 }
@@ -592,7 +592,7 @@ func ConfigurationMatches() (bool, error) {
 return true, nil
 }
 
- uids, gids, err := GetConfiguredMappings()
+ uids, gids, err := GetConfiguredMappings(false)
 if err != nil {
 return false, err
 }
diff --git a/pkg/rootless/rootless_unsupported.go b/pkg/rootless/rootless_unsupported.go
index a77e7e0773..b08075c193 100644
--- a/pkg/rootless/rootless_unsupported.go
+++ b/pkg/rootless/rootless_unsupported.go
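Review bot: The doc comment on `GetConfiguredMappings` in `pkg/rootless/rootless_linux.go` (hunk `-193,7`) still describes the old zero-argument function and never mentions `quiet`, while hunk `-211,7` shows the flag only lowers the "cannot find UID/GID" message from error to debug level. I would extend the comment with a line such as `// When quiet is true, a failed ID-mapping lookup is logged at debug level instead of error level.` so callers do not read `quiet` as changing the returned values or the error. A bare `true`/`false` at the call sites is also hard to read; a short trailing comment such as `/* quiet */` would help there. The function body continues outside both hunks, so whether the lookup failure is also returned to the caller is not visible here.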
@@ -57,7 +57,7 @@ func ConfigurationMatches() (bool, error) {
 }
 
 // GetConfiguredMappings returns the additional IDs configured for the current user.
-func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) {
+func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error) {
 return nil, nil, errors.New("this function is not supported on this os")
 }
 
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index c62b9a0189..51c1854112 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -366,13 +366,11 @@ func GetKeepIDMapping(opts *namespaces.KeepIDUserNsOptions) (*stypes.IDMappingOp
 gid = int(*opts.GID)
 }
 
- uids, gids, err := rootless.GetConfiguredMappings()
+ uids, gids, err := rootless.GetConfiguredMappings(true)
 if err != nil {
 return nil, -1, -1, fmt.Errorf("cannot read mappings: %w", err)
 }
- if len(uids) == 0 || len(gids) == 0 {
- return nil, -1, -1, fmt.Errorf("keep-id requires additional UIDs or GIDs defined in /etc/subuid and /etc/subgid to function correctly: %w", err)
- }
+
 maxUID, maxGID := 0, 0
 for _, u := range uids {
 maxUID += u.Size
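Review bot: With the length check removed and `GetConfiguredMappings(true)` in the `-366,13` hunk of `GetKeepIDMapping`, a user whose additional IDs are missing or cannot be looked up now gets a mapping silently, with the cause visible only at debug level. The removed check also rejected the asymmetric case (one of `uids`/`gids` empty, the other not), which now proceeds as well; if that is intended, the function's doc comment should say that keep-id falls back to mapping only the caller's own UID/GID when no additional IDs are configured. I would also add one line at this call site naming the fallback, e.g. `logrus.Debugf("keep-id: no additional UIDs/GIDs configured, mapping only the current user")`, assuming logrus is available in this file. The function starts before the hunk and continues after it.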
@@ -383,13 +381,17 @@ func GetKeepIDMapping(opts *namespaces.KeepIDUserNsOptions) (*stypes.IDMappingOp
 
 options.UIDMap, options.GIDMap = nil, nil
 
- options.UIDMap = append(options.UIDMap, idtools.IDMap{ContainerID: 0, HostID: 1, Size: min(uid, maxUID)})
+ if len(uids) > 0 {
+ options.UIDMap = append(options.UIDMap, idtools.IDMap{ContainerID: 0, HostID: 1, Size: min(uid, maxUID)})
+ }
 options.UIDMap = append(options.UIDMap, idtools.IDMap{ContainerID: uid, HostID: 0, Size: 1})
 if maxUID > uid {
 options.UIDMap = append(options.UIDMap, idtools.IDMap{ContainerID: uid + 1, HostID: uid + 1, Size: maxUID - uid})
 }
 
- options.GIDMap = append(options.GIDMap, idtools.IDMap{ContainerID: 0, HostID: 1, Size: min(gid, maxGID)})
+ if len(gids) > 0 {
+ options.GIDMap = append(options.GIDMap, idtools.IDMap{ContainerID: 0, HostID: 1, Size: min(gid, maxGID)})
+ }
 options.GIDMap = append(options.GIDMap, idtools.IDMap{ContainerID: gid, HostID: 0, Size: 1})
 if maxGID > gid {
 options.GIDMap = append(options.GIDMap, idtools.IDMap{ContainerID: gid + 1, HostID: gid + 1, Size: maxGID - gid})
@@ -407,7 +409,7 @@ func GetNoMapMapping() (*stypes.IDMappingOptions, int, int, error) {
 HostUIDMapping: false,
 HostGIDMapping: false,
 }
- uids, gids, err := rootless.GetConfiguredMappings()
+ uids, gids, err := rootless.GetConfiguredMappings(false)
 if err != nil {
 return nil, -1, -1, fmt.Errorf("cannot read mappings: %w", err)
 }
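Review bot: The new `if len(uids) > 0` and `if len(gids) > 0` guards in the `-383,13` hunk test the length of the configured lists, but what has to be non-zero is the `Size` of the entry being appended, `min(uid, maxUID)` or `min(gid, maxGID)`. That value is still 0 when `uid`/`gid` is 0 (the earlier hunk shows `gid` being taken from `opts.GID`) or when every configured range has `Size` 0, so a zero-length `{ContainerID: 0, HostID: 1}` entry can still be produced. As far as I know the kernel rejects zero-count extents in uid_map/gid_map, so unless something downstream filters them this would surface as a late setup failure. Guarding on the size covers the empty-list case too: `if n := min(uid, maxUID); n > 0 { options.UIDMap = append(options.UIDMap, idtools.IDMap{ContainerID: 0, HostID: 1, Size: n}) }`, and the same for the GID map. The enclosing function starts before this hunk and continues after it.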