Merge pull request #2569 from giuseppe/rootless-fix-exec-with-user

rootless: exec join the user+mount namespace

cmd/podman/create.go

@@ -893,7 +893,16 @@ func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *l
 				}
 				return false, -1, errors.Errorf("dependency container %s is not running", ctr.ID())
 			}
-			return rootless.JoinNS(uint(pid), 0)
+
+			data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+			if err != nil {
+				return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+			}
+			conmonPid, err := strconv.Atoi(string(data))
+			if err != nil {
+				return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+			}
+			return rootless.JoinDirectUserAndMountNS(uint(conmonPid))
 		}
 	}
 	return rootless.BecomeRootInUserNS()

cmd/podman/exec.go

@@ -106,16 +106,25 @@ func execCmd(c *cliconfig.ExecValues) error {
 
 	}
 
-	pid, err := ctr.PID()
+	if os.Geteuid() != 0 {
-	if err != nil {
+		var became bool
-		return err
+		var ret int
-	}
+
-	became, ret, err := rootless.JoinNS(uint(pid), c.PreserveFDs)
+		data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
-	if err != nil {
+		if err != nil {
-		return err
+			return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
-	}
+		}
-	if became {
+		conmonPid, err := strconv.Atoi(string(data))
-		os.Exit(ret)
+		if err != nil {
+			return errors.Wrapf(err, "cannot parse PID %q", data)
+		}
+		became, ret, err = rootless.JoinDirectUserAndMountNS(uint(conmonPid))
+		if err != nil {
+			return err
+		}
+		if became {
+			os.Exit(ret)
+		}
 	}
 
 	// ENVIRONMENT VARIABLES