opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-20 17:13:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

podman: always call into SetupRootless

Browse Source 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2022-07-12 11:47:30 +02:00
committed by Matthew Heon
parent 3b37095b2b
commit 7b4ebfa657
3 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/podman/common/completion.go
View File

@ -18,7 +18,6 @@ import (
"github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/libpod/define"
"github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/libpod/events"
"github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/rootless"
"github.com/containers/podman/v4/pkg/signal" "github.com/containers/podman/v4/pkg/signal"
systemdDefine "github.com/containers/podman/v4/pkg/systemd/define" systemdDefine "github.com/containers/podman/v4/pkg/systemd/define"
"github.com/containers/podman/v4/pkg/util" "github.com/containers/podman/v4/pkg/util"
@ -54,7 +53,7 @@ func setupContainerEngine(cmd *cobra.Command) (entities.ContainerEngine, error)
cobra.CompErrorln(err.Error()) cobra.CompErrorln(err.Error())
return nil, err return nil, err
} }
if !registry.IsRemote() && rootless.IsRootless() { if !registry.IsRemote() {
_, noMoveProcess := cmd.Annotations[registry.NoMoveProcess] _, noMoveProcess := cmd.Annotations[registry.NoMoveProcess]
err := containerEngine.SetupRootless(registry.Context(), noMoveProcess) err := containerEngine.SetupRootless(registry.Context(), noMoveProcess)

3
cmd/podman/root.go
View File

@ -19,7 +19,6 @@ import (
"github.com/containers/podman/v4/pkg/checkpoint/crutils" "github.com/containers/podman/v4/pkg/checkpoint/crutils"
"github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/parallel" "github.com/containers/podman/v4/pkg/parallel"
"github.com/containers/podman/v4/pkg/rootless"
"github.com/containers/podman/v4/version" "github.com/containers/podman/v4/version"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/spf13/cobra" "github.com/spf13/cobra"
@ -265,7 +264,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
// 2) running as non-root // 2) running as non-root
// 3) command doesn't require Parent Namespace // 3) command doesn't require Parent Namespace
_, found := cmd.Annotations[registry.ParentNSRequired] _, found := cmd.Annotations[registry.ParentNSRequired]
if !registry.IsRemote() && rootless.IsRootless() && !found { if !registry.IsRemote() && !found {
_, noMoveProcess := cmd.Annotations[registry.NoMoveProcess] _, noMoveProcess := cmd.Annotations[registry.NoMoveProcess]
err := registry.ContainerEngine().SetupRootless(registry.Context(), noMoveProcess) err := registry.ContainerEngine().SetupRootless(registry.Context(), noMoveProcess)
if err != nil { if err != nil {

4
pkg/domain/infra/abi/system.go
View File

@ -67,6 +67,10 @@ func (ic *ContainerEngine) Info(ctx context.Context) (*define.Info, error) {
} }
func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) error { func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) error {
if !rootless.IsRootless() {
return nil
}
// do it only after podman has already re-execed and running with uid==0. // do it only after podman has already re-execed and running with uid==0.
hasCapSysAdmin, err := unshare.HasCapSysAdmin() hasCapSysAdmin, err := unshare.HasCapSysAdmin()
if err != nil { if err != nil {