rootless: drop function ReadMappingsProc
use the equivalent GetHostIDMappings from the storage unshare package. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@ -18,6 +18,8 @@ import (
|
||||
"github.com/containers/common/pkg/version"
|
||||
"github.com/containers/podman/v5/libpod/define"
|
||||
"github.com/containers/podman/v5/pkg/rootless"
|
||||
"github.com/containers/podman/v5/pkg/util"
|
||||
"github.com/containers/storage/pkg/unshare"
|
||||
"github.com/opencontainers/selinux/go-selinux"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
@ -91,17 +93,13 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error {
|
||||
}
|
||||
|
||||
if rootless.IsRootless() {
|
||||
uidmappings, err := rootless.ReadMappingsProc("/proc/self/uid_map")
|
||||
uidmappings, gidmappings, err := unshare.GetHostIDMappings("")
|
||||
if err != nil {
|
||||
return fmt.Errorf("reading uid mappings: %w", err)
|
||||
}
|
||||
gidmappings, err := rootless.ReadMappingsProc("/proc/self/gid_map")
|
||||
if err != nil {
|
||||
return fmt.Errorf("reading gid mappings: %w", err)
|
||||
return fmt.Errorf("reading id mappings: %w", err)
|
||||
}
|
||||
idmappings := define.IDMappings{
|
||||
GIDMap: gidmappings,
|
||||
UIDMap: uidmappings,
|
||||
GIDMap: util.RuntimeSpecToIDtools(gidmappings),
|
||||
UIDMap: util.RuntimeSpecToIDtools(uidmappings),
|
||||
}
|
||||
info.IDMappings = idmappings
|
||||
}
|
||||
|
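Review bot: The empty-string argument in `unshare.GetHostIDMappings("")` is a magic value with no explanation at the call site in setPlatformHostInfo; the same call appears in ConfigurationMatches and GetKeepIDMapping further down the page. A reader has to open the storage package to learn that `""` selects the calling process, so I would add a one-line comment above the call, for example `// "" makes GetHostIDMappings read the current process's /proc/self/uid_map and gid_map`. The function body starts and ends outside the hunk.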
@ -57,11 +57,6 @@ func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error)
|
||||
return nil, nil, errors.New("this function is not supported on this os")
|
||||
}
|
||||
|
||||
// ReadMappingsProc returns the uid_map and gid_map
|
||||
func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// IsFdInherited checks whether the fd is opened and valid to use
|
||||
func IsFdInherited(fd int) bool {
|
||||
return int(C.is_fd_inherited(C.int(fd))) > 0
|
||||
|
@ -3,11 +3,9 @@
|
||||
package rootless
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
gosignal "os/signal"
|
||||
@ -22,6 +20,7 @@ import (
|
||||
"github.com/containers/storage/pkg/idtools"
|
||||
pmount "github.com/containers/storage/pkg/mount"
|
||||
"github.com/containers/storage/pkg/unshare"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/syndtr/gocapability/capability"
|
||||
"golang.org/x/sys/unix"
|
||||
@ -514,40 +513,9 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
|
||||
return false, 0, fmt.Errorf("could not find any running process: %w", unix.ESRCH)
|
||||
}
|
||||
|
||||
// ReadMappingsProc parses and returns the ID mappings at the specified path.
|
||||
func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
|
||||
file, err := os.Open(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
mappings := []idtools.IDMap{}
|
||||
|
||||
buf := bufio.NewReader(file)
|
||||
for {
|
||||
line, _, err := buf.ReadLine()
|
||||
if err != nil {
|
||||
if err == io.EOF {
|
||||
return mappings, nil
|
||||
}
|
||||
return nil, fmt.Errorf("cannot read line from %s: %w", path, err)
|
||||
}
|
||||
if line == nil {
|
||||
return mappings, nil
|
||||
}
|
||||
|
||||
containerID, hostID, size := 0, 0, 0
|
||||
if _, err := fmt.Sscanf(string(line), "%d %d %d", &containerID, &hostID, &size); err != nil {
|
||||
return nil, fmt.Errorf("cannot parse %s: %w", string(line), err)
|
||||
}
|
||||
mappings = append(mappings, idtools.IDMap{ContainerID: containerID, HostID: hostID, Size: size})
|
||||
}
|
||||
}
|
||||
|
||||
func matches(id int, configuredIDs []idtools.IDMap, currentIDs []idtools.IDMap) bool {
|
||||
func matches(id int, configuredIDs []idtools.IDMap, currentIDs []specs.LinuxIDMapping) bool {
|
||||
// The first mapping is the host user, handle it separately.
|
||||
if currentIDs[0].HostID != id || currentIDs[0].Size != 1 {
|
||||
if currentIDs[0].HostID != uint32(id) || currentIDs[0].Size != 1 {
|
||||
return false
|
||||
}
|
||||
|
||||
@ -558,10 +526,10 @@ func matches(id int, configuredIDs []idtools.IDMap, currentIDs []idtools.IDMap)
|
||||
|
||||
// It is fine to iterate sequentially as both slices are sorted.
|
||||
for i := range currentIDs {
|
||||
if currentIDs[i].HostID != configuredIDs[i].HostID {
|
||||
if currentIDs[i].HostID != uint32(configuredIDs[i].HostID) {
|
||||
return false
|
||||
}
|
||||
if currentIDs[i].Size != configuredIDs[i].Size {
|
||||
if currentIDs[i].Size != uint32(configuredIDs[i].Size) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
@ -581,7 +549,7 @@ func ConfigurationMatches() (bool, error) {
|
||||
return false, err
|
||||
}
|
||||
|
||||
currentUIDs, err := ReadMappingsProc("/proc/self/uid_map")
|
||||
currentUIDs, currentGIDs, err := unshare.GetHostIDMappings("")
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
@ -590,11 +558,6 @@ func ConfigurationMatches() (bool, error) {
|
||||
return false, err
|
||||
}
|
||||
|
||||
currentGIDs, err := ReadMappingsProc("/proc/self/gid_map")
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
return matches(GetRootlessGID(), gids, currentGIDs), nil
|
||||
}
|
||||
|
||||
|
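Review bot: The new comparisons in matches narrow the configured values to the kernel-side type, `uint32(id)`, `uint32(configuredIDs[i].HostID)` and `uint32(configuredIDs[i].Size)`, so an `int` that is negative or above the uint32 range wraps before it is compared and can equal a mapping it does not describe. ConfigurationMatches appears to use this result to decide whether the current user namespace still agrees with the configured ranges, so a false match is the unsafe direction. Widening both sides is lossless: `if int64(currentIDs[0].HostID) != int64(id) || currentIDs[0].Size != 1 {`, `if int64(currentIDs[i].HostID) != int64(configuredIDs[i].HostID) {` and `if int64(currentIDs[i].Size) != int64(configuredIDs[i].Size) {`. Whether idtools can ever return such a value is not visible here, and the middle of matches lies between the two hunks.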
@ -60,11 +60,6 @@ func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error)
|
||||
return nil, nil, errors.New("this function is not supported on this os")
|
||||
}
|
||||
|
||||
// ReadMappingsProc returns the uid_map and gid_map
|
||||
func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// IsFdInherited checks whether the fd is opened and valid to use
|
||||
func IsFdInherited(fd int) bool {
|
||||
return false
|
||||
|
@ -26,6 +26,7 @@ import (
|
||||
"github.com/containers/podman/v5/pkg/signal"
|
||||
"github.com/containers/storage/pkg/directory"
|
||||
"github.com/containers/storage/pkg/idtools"
|
||||
"github.com/containers/storage/pkg/unshare"
|
||||
stypes "github.com/containers/storage/types"
|
||||
securejoin "github.com/cyphar/filepath-securejoin"
|
||||
ruser "github.com/moby/sys/user"
|
||||
@ -221,16 +222,12 @@ func GetKeepIDMapping(opts *namespaces.KeepIDUserNsOptions) (*stypes.IDMappingOp
|
||||
HostUIDMapping: false,
|
||||
HostGIDMapping: false,
|
||||
}
|
||||
uids, err := rootless.ReadMappingsProc("/proc/self/uid_map")
|
||||
uids, gids, err := unshare.GetHostIDMappings("")
|
||||
if err != nil {
|
||||
return nil, 0, 0, err
|
||||
}
|
||||
gids, err := rootless.ReadMappingsProc("/proc/self/gid_map")
|
||||
if err != nil {
|
||||
return nil, 0, 0, err
|
||||
}
|
||||
options.UIDMap = uids
|
||||
options.GIDMap = gids
|
||||
options.UIDMap = RuntimeSpecToIDtools(uids)
|
||||
options.GIDMap = RuntimeSpecToIDtools(gids)
|
||||
|
||||
uid, gid := 0, 0
|
||||
if opts.UID != nil {
|
||||
|