Merge pull request #5705 from rhatdan/reset

Cleanup whether to enter user namespace
2025-06-23 02:18:13 +08:00 · 2020-04-06 20:48:05 +02:00
parent e318b09b68 9f2d9679d7
commit a858b3a6a3
1 changed files with 20 additions and 2 deletions
--- a/cmd/podman/main_local.go
+++ b/cmd/podman/main_local.go
@ -11,7 +11,6 @@ import (
 	"os"
 	"runtime/pprof"
 	"strconv"
-	"strings"
 	"syscall"

 	"github.com/containers/common/pkg/config"
@ -192,7 +191,7 @@ func setupRootless(cmd *cobra.Command, args []string) error {
 		}
 	}

-	if os.Geteuid() == 0 || cmd == _searchCommand || cmd == _versionCommand || cmd == _mountCommand || cmd == _migrateCommand || strings.HasPrefix(cmd.Use, "help") {
+	if !executeCommandInUserNS(cmd) {
 		return nil
 	}

@ -243,6 +242,25 @@ func setupRootless(cmd *cobra.Command, args []string) error {
 	return nil
 }

+// Most podman commands when run in rootless mode, need to be executed in the
+// users usernamespace.  This function is updated with a  list of commands that
+// should NOT be run within the user namespace.
+func executeCommandInUserNS(cmd *cobra.Command) bool {
+	if os.Geteuid() == 0 {
+		return false
+	}
+	switch cmd {
+	case _migrateCommand,
+		_mountCommand,
+		_renumberCommand,
+		_infoCommand,
+		_searchCommand,
+		_versionCommand:
+		return false
+	}
+	return true
+}
+
 func setRLimits() error {
 	rlimits := new(syscall.Rlimit)
 	rlimits.Cur = 1048576