Merge pull request #2569 from giuseppe/rootless-fix-exec-with-user

rootless: exec join the user+mount namespace
2025-12-08 06:39:05 +08:00 · 2019-03-08 08:22:55 -08:00
parent 90319bcf52 081291c8d6
commit c4815e8a61
2 changed files with 29 additions and 11 deletions
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -893,7 +893,16 @@ func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *l
 				}
 				return false, -1, errors.Errorf("dependency container %s is not running", ctr.ID())
 			}
-			return rootless.JoinNS(uint(pid), 0)
+
+			data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+			if err != nil {
+				return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+			}
+			conmonPid, err := strconv.Atoi(string(data))
+			if err != nil {
+				return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+			}
+			return rootless.JoinDirectUserAndMountNS(uint(conmonPid))
 		}
 	}
 	return rootless.BecomeRootInUserNS()
--- a/cmd/podman/exec.go
+++ b/cmd/podman/exec.go
@@ -106,17 +106,26 @@ func execCmd(c *cliconfig.ExecValues) error {

 	}

-	pid, err := ctr.PID()
+	if os.Geteuid() != 0 {
+		var became bool
+		var ret int
+
+		data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
 		if err != nil {
-		return err
+			return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
 		}
-	became, ret, err := rootless.JoinNS(uint(pid), c.PreserveFDs)
+		conmonPid, err := strconv.Atoi(string(data))
+		if err != nil {
+			return errors.Wrapf(err, "cannot parse PID %q", data)
+		}
+		became, ret, err = rootless.JoinDirectUserAndMountNS(uint(conmonPid))
 		if err != nil {
 			return err
 		}
 		if became {
 			os.Exit(ret)
 		}
+	}

 	// ENVIRONMENT VARIABLES
 	env := map[string]string{}