opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-29 23:22:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

rootless: do not ignore errors if mappings are specified

Browse Source 
when setting up the user namespace do not ignore errors from
newuidmap/newgidmap if there are mappings configured.

The single user mapping is a fallback only when there are not mappings
specified for the user.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2020-07-30 21:43:07 +02:00
parent 4132b71478
commit 8408cfd35c
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/rootless/rootless_linux.go
View File

@ -224,6 +224,10 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
uidsMapped := false uidsMapped := false
if uids != nil { if uids != nil {
err := tryMappingTool("newuidmap", pid, os.Geteuid(), uids) err := tryMappingTool("newuidmap", pid, os.Geteuid(), uids)
// If some mappings were specified, do not ignore the error
if err != nil && len(uids) > 0 {
return false, -1, err
}
uidsMapped = err == nil uidsMapped = err == nil
} }
if !uidsMapped { if !uidsMapped {
@ -246,6 +250,10 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
gidsMapped := false gidsMapped := false
if gids != nil { if gids != nil {
err := tryMappingTool("newgidmap", pid, os.Getegid(), gids) err := tryMappingTool("newgidmap", pid, os.Getegid(), gids)
// If some mappings were specified, do not ignore the error
if err != nil && len(gids) > 0 {
return false, -1, err
}
gidsMapped = err == nil gidsMapped = err == nil
} }
if !gidsMapped { if !gidsMapped {