opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-22 09:58:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14638 from giuseppe/improve-error-messages-rootless-unshare

Browse Source 
pkg/rootless: error messages improvements
This commit is contained in:
openshift-ci[bot]
2022-06-21 18:01:15 +00:00
committed by GitHub
parent fe974101eb ecf225019a
commit 7724eb07ce
3 changed files with 41 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/domain/infra/abi/system.go
View File

@ -125,8 +125,14 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool)
paths = append(paths, ctr.Config().ConmonPidFile) paths = append(paths, ctr.Config().ConmonPidFile)
} }
if len(paths) > 0 {
became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths) became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
} else {
became, ret, err = rootless.BecomeRootInUserNS(pausePidPath)
if err == nil {
utils.MovePauseProcessToScope(pausePidPath) utils.MovePauseProcessToScope(pausePidPath)
}
}
if err != nil { if err != nil {
logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate")) logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate"))
os.Exit(1) os.Exit(1)

14
pkg/rootless/rootless_linux.c
View File

@ -512,7 +512,9 @@ create_pause_process (const char *pause_pid_file_path, char **argv)
r = TEMP_FAILURE_RETRY (read (p[0], &b, 1)); r = TEMP_FAILURE_RETRY (read (p[0], &b, 1));
close (p[0]); close (p[0]);
reexec_in_user_namespace_wait (pid, 0); r = reexec_in_user_namespace_wait (pid, 0);
if (r != 0)
return -1;
return r == 1 && b == '0' ? 0 : -1; return r == 1 && b == '0' ? 0 : -1;
} }
@ -757,6 +759,7 @@ reexec_userns_join (int pid_to_join, char *pause_pid_file_path)
} }
execvp (argv[0], argv); execvp (argv[0], argv);
fprintf (stderr, "failed to execvp %s: %m\n", argv[0]);
_exit (EXIT_FAILURE); _exit (EXIT_FAILURE);
} }
@ -788,7 +791,10 @@ copy_file_to_fd (const char *file_to_read, int outfd)
fd = open (file_to_read, O_RDONLY); fd = open (file_to_read, O_RDONLY);
if (fd < 0) if (fd < 0)
{
fprintf (stderr, "open `%s`: %m\n", file_to_read);
return fd; return fd;
}
for (;;) for (;;)
{ {
@ -796,7 +802,10 @@ copy_file_to_fd (const char *file_to_read, int outfd)
r = TEMP_FAILURE_RETRY (read (fd, buf, sizeof buf)); r = TEMP_FAILURE_RETRY (read (fd, buf, sizeof buf));
if (r < 0) if (r < 0)
{
fprintf (stderr, "read from `%s`: %m\n", file_to_read);
return r; return r;
}
if (r == 0) if (r == 0)
break; break;
@ -805,7 +814,10 @@ copy_file_to_fd (const char *file_to_read, int outfd)
{ {
w = TEMP_FAILURE_RETRY (write (outfd, &buf[t], r - t)); w = TEMP_FAILURE_RETRY (write (outfd, &buf[t], r - t));
if (w < 0) if (w < 0)
{
fprintf (stderr, "write file to output fd `%s`: %m\n", file_to_read);
return w; return w;
}
t += w; t += w;
} }
} }

33
pkg/rootless/rootless_linux.go
View File

@ -182,7 +182,7 @@ func joinUserAndMountNS(pid uint, pausePid string) (bool, int, error) {
pidC := C.reexec_userns_join(C.int(pid), cPausePid) pidC := C.reexec_userns_join(C.int(pid), cPausePid)
if int(pidC) < 0 { if int(pidC) < 0 {
return false, -1, errors.Errorf("cannot re-exec process") return false, -1, errors.Errorf("cannot re-exec process to join the existing user namespace")
} }
ret := C.reexec_in_user_namespace_wait(pidC, 0) ret := C.reexec_in_user_namespace_wait(pidC, 0)
@ -461,13 +461,8 @@ func BecomeRootInUserNS(pausePid string) (bool, int, error) {
// different uidmap and the unprivileged user has no way to read the // different uidmap and the unprivileged user has no way to read the
// file owned by the root in the container. // file owned by the root in the container.
func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error) { func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error) {
if len(paths) == 0 {
return BecomeRootInUserNS(pausePidPath)
}
var lastErr error var lastErr error
var pausePid int var pausePid int
foundProcess := false
for _, path := range paths { for _, path := range paths {
if !needNewNamespace { if !needNewNamespace {
@ -479,12 +474,9 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
pausePid, err = strconv.Atoi(string(data)) pausePid, err = strconv.Atoi(string(data))
if err != nil { if err != nil {
lastErr = errors.Wrapf(err, "cannot parse file %s", path) lastErr = errors.Wrapf(err, "cannot parse file %q", path)
continue continue
} }
lastErr = nil
break
} else { } else {
r, w, err := os.Pipe() r, w, err := os.Pipe()
if err != nil { if err != nil {
@ -511,26 +503,29 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
n, err := r.Read(b) n, err := r.Read(b)
if err != nil { if err != nil {
lastErr = errors.Wrapf(err, "cannot read %s\n", path) lastErr = errors.Wrapf(err, "cannot read %q", path)
continue continue
} }
pausePid, err = strconv.Atoi(string(b[:n])) pausePid, err = strconv.Atoi(string(b[:n]))
if err == nil && unix.Kill(pausePid, 0) == nil { if err != nil {
foundProcess = true lastErr = err
lastErr = nil continue
break
} }
} }
if pausePid > 0 && unix.Kill(pausePid, 0) == nil {
joined, pid, err := joinUserAndMountNS(uint(pausePid), pausePidPath)
if err == nil {
return joined, pid, nil
}
lastErr = err
} }
if !foundProcess && pausePidPath != "" {
return BecomeRootInUserNS(pausePidPath)
} }
if lastErr != nil { if lastErr != nil {
return false, 0, lastErr return false, 0, lastErr
} }
return false, 0, errors.Wrapf(unix.ESRCH, "could not find any running process")
return joinUserAndMountNS(uint(pausePid), pausePidPath)
} }
// ReadMappingsProc parses and returns the ID mappings at the specified path. // ReadMappingsProc parses and returns the ID mappings at the specified path.