opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-26 12:56:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17684 from giuseppe/version-no-userns

Browse Source 
cmd: do not require userns for "version"
This commit is contained in:
OpenShift Merge Robot
2023-03-03 16:56:05 +01:00
committed by GitHub
parent 3f0f558609 0498ce3a56
commit 76642d5ad3
5 changed files with 7 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/podman/images/scp.go
View File

@ -15,7 +15,6 @@ var (
imageScpCommand = &cobra.Command{ imageScpCommand = &cobra.Command{
Use: "scp [options] IMAGE [HOST::]", Use: "scp [options] IMAGE [HOST::]",
Annotations: map[string]string{ Annotations: map[string]string{
registry.UnshareNSRequired: "",
registry.ParentNSRequired: "", registry.ParentNSRequired: "",
}, },
Long: saveScpDescription, Long: saveScpDescription,

9
cmd/podman/main.go
View File

@ -76,18 +76,11 @@ func parseCommands() *cobra.Command {
// Command cannot be run rootless // Command cannot be run rootless
_, found := c.Command.Annotations[registry.UnshareNSRequired] _, found := c.Command.Annotations[registry.UnshareNSRequired]
if found { if found {
if rootless.IsRootless() && os.Getuid() != 0 && c.Command.Name() != "scp" { if rootless.IsRootless() && os.Getuid() != 0 {
c.Command.RunE = func(cmd *cobra.Command, args []string) error { c.Command.RunE = func(cmd *cobra.Command, args []string) error {
return fmt.Errorf("cannot run command %q in rootless mode, must execute `podman unshare` first", cmd.CommandPath()) return fmt.Errorf("cannot run command %q in rootless mode, must execute `podman unshare` first", cmd.CommandPath())
} }
} }
} else {
_, found = c.Command.Annotations[registry.ParentNSRequired]
if rootless.IsRootless() && found && c.Command.Name() != "scp" {
c.Command.RunE = func(cmd *cobra.Command, args []string) error {
return fmt.Errorf("cannot run command %q in rootless mode", cmd.CommandPath())
}
}
} }
addCommand(c) addCommand(c)
} }

2
cmd/podman/registry/config.go
View File

@ -17,7 +17,7 @@ const (
// NoMoveProcess used as cobra.Annotation when command doesn't need Podman to be moved to a separate cgroup // NoMoveProcess used as cobra.Annotation when command doesn't need Podman to be moved to a separate cgroup
NoMoveProcess = "NoMoveProcess" NoMoveProcess = "NoMoveProcess"
// ParentNSRequired used as cobra.Annotation when command requires root access // ParentNSRequired used as cobra.Annotation when a command should not be run in the podman rootless user namespace, also requires updates in `pkg/rootless/rootless_linux.c` in function `can_use_shortcut()` to exclude the command name there.
ParentNSRequired = "ParentNSRequired" ParentNSRequired = "ParentNSRequired"
// UnshareNSRequired used as cobra.Annotation when command requires modified user namespace // UnshareNSRequired used as cobra.Annotation when command requires modified user namespace

3
cmd/podman/system/version.go
View File

@ -22,6 +22,9 @@ var (
Short: "Display the Podman version information", Short: "Display the Podman version information",
RunE: version, RunE: version,
ValidArgsFunction: completion.AutocompleteNone, ValidArgsFunction: completion.AutocompleteNone,
Annotations: map[string]string{
registry.ParentNSRequired: "",
},
} }
versionFormat string versionFormat string
) )

1
pkg/rootless/rootless_linux.c
View File

@ -386,6 +386,7 @@ can_use_shortcut (char **argv)
if (strcmp (argv[argc], "mount") == 0 if (strcmp (argv[argc], "mount") == 0
|| strcmp (argv[argc], "machine") == 0 || strcmp (argv[argc], "machine") == 0
|| strcmp (argv[argc], "version") == 0
|| strcmp (argv[argc], "context") == 0 || strcmp (argv[argc], "context") == 0
|| strcmp (argv[argc], "search") == 0 || strcmp (argv[argc], "search") == 0
|| (strcmp (argv[argc], "system") == 0 && argv[argc+1] && strcmp (argv[argc+1], "service") != 0)) || (strcmp (argv[argc], "system") == 0 && argv[argc+1] && strcmp (argv[argc+1], "service") != 0))