opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-23 18:59:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5705 from rhatdan/reset

Browse Source 
Cleanup whether to enter user namespace
This commit is contained in:
OpenShift Merge Robot
2020-04-06 20:48:05 +02:00
committed by GitHub
parent e318b09b68 9f2d9679d7
commit a858b3a6a3
1 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
cmd/podman/main_local.go
View File

@ -11,7 +11,6 @@ import (
"os" "os"
"runtime/pprof" "runtime/pprof"
"strconv" "strconv"
"strings"
"syscall" "syscall"
"github.com/containers/common/pkg/config" "github.com/containers/common/pkg/config"
@ -192,7 +191,7 @@ func setupRootless(cmd *cobra.Command, args []string) error {
} }
} }
if os.Geteuid() == 0 || cmd == _searchCommand || cmd == _versionCommand || cmd == _mountCommand || cmd == _migrateCommand || strings.HasPrefix(cmd.Use, "help") { if !executeCommandInUserNS(cmd) {
return nil return nil
} }
@ -243,6 +242,25 @@ func setupRootless(cmd *cobra.Command, args []string) error {
return nil return nil
} }
// Most podman commands when run in rootless mode, need to be executed in the
// users usernamespace. This function is updated with a list of commands that
// should NOT be run within the user namespace.
func executeCommandInUserNS(cmd *cobra.Command) bool {
if os.Geteuid() == 0 {
return false
}
switch cmd {
case _migrateCommand,
_mountCommand,
_renumberCommand,
_infoCommand,
_searchCommand,
_versionCommand:
return false
}
return true
}
func setRLimits() error { func setRLimits() error {
rlimits := new(syscall.Rlimit) rlimits := new(syscall.Rlimit)
rlimits.Cur = 1048576 rlimits.Cur = 1048576