opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-23 10:38:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1978 from mheon/only_one_execuser

Browse Source 
Prevent a second lookup of user for image volumes
This commit is contained in:
OpenShift Merge Robot
2018-12-11 13:06:57 -08:00
committed by GitHub
parent 8645df84db bc57ecec42
commit 878301f79d
2 changed files with 5 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
libpod/container_internal.go
View File

@ -18,12 +18,12 @@ import (
"github.com/containers/libpod/pkg/ctime" "github.com/containers/libpod/pkg/ctime"
"github.com/containers/libpod/pkg/hooks" "github.com/containers/libpod/pkg/hooks"
"github.com/containers/libpod/pkg/hooks/exec" "github.com/containers/libpod/pkg/hooks/exec"
"github.com/containers/libpod/pkg/lookup"
"github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage" "github.com/containers/storage"
"github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/chrootarchive" "github.com/containers/storage/pkg/chrootarchive"
"github.com/containers/storage/pkg/mount" "github.com/containers/storage/pkg/mount"
"github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go" spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label" "github.com/opencontainers/selinux/go-selinux/label"
@ -1027,7 +1027,7 @@ func (c *Container) writeStringToRundir(destFile, output string) (string, error)
return filepath.Join(c.state.DestinationRunDir, destFile), nil return filepath.Join(c.state.DestinationRunDir, destFile), nil
} }
func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator) error { func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator, execUser *user.ExecUser) error {
var uid, gid int var uid, gid int
mountPoint := c.state.Mountpoint mountPoint := c.state.Mountpoint
if !c.state.Mounted { if !c.state.Mounted {
@ -1053,12 +1053,8 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
} }
if c.config.User != "" { if c.config.User != "" {
if !c.state.Mounted { if execUser == nil {
return errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to translate User field", c.ID()) return errors.Wrapf(ErrInternal, "nil pointer passed to addLocalVolumes for execUser")
}
execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, c.config.User, nil)
if err != nil {
return err
} }
uid = execUser.Uid uid = execUser.Uid
gid = execUser.Gid gid = execUser.Gid

2
libpod/container_internal_linux.go
View File

@ -236,7 +236,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
// Bind builtin image volumes // Bind builtin image volumes
if c.config.Rootfs == "" && c.config.ImageVolumes { if c.config.Rootfs == "" && c.config.ImageVolumes {
if err := c.addLocalVolumes(ctx, &g); err != nil { if err := c.addLocalVolumes(ctx, &g, execUser); err != nil {
return nil, errors.Wrapf(err, "error mounting image volumes") return nil, errors.Wrapf(err, "error mounting image volumes")
} }
} }