opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-11 17:27:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

export: fix usage with rootless containers

Browse Source 
Fix usage of export when rootless containers are used without vfs.  We
join the conmon process namespaces as the container is running in a
different one.

There can be a problem if the user specify a different path for the
conmon process, and then the file is deleted.  In this case podman
won't be able to find the conmon process to join.

Closes: https://github.com/containers/libpod/issues/2027

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2018-12-19 18:08:15 +01:00
parent f2e96b0934
commit d389ac45e5
2 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
cmd/podman/export.go
View File

@@ -1,9 +1,13 @@
package main package main
import ( import (
"io/ioutil"
"os" "os"
"strconv"
"github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/urfave/cli" "github.com/urfave/cli"
@@ -35,6 +39,9 @@ func exportCmd(c *cli.Context) error {
if err := validateFlags(c, exportFlags); err != nil { if err := validateFlags(c, exportFlags); err != nil {
return err return err
} }
if os.Geteuid() != 0 {
rootless.SetSkipStorageSetup(true)
}
runtime, err := libpodruntime.GetRuntime(c) runtime, err := libpodruntime.GetRuntime(c)
if err != nil { if err != nil {
@@ -66,5 +73,37 @@ func exportCmd(c *cli.Context) error {
return errors.Wrapf(err, "error looking up container %q", args[0]) return errors.Wrapf(err, "error looking up container %q", args[0])
} }
if os.Geteuid() != 0 {
state, err := ctr.State()
if err != nil {
return errors.Wrapf(err, "cannot read container state %q", ctr.ID())
}
if state == libpod.ContainerStateRunning || state == libpod.ContainerStatePaused {
data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
if err != nil {
return errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
}
conmonPid, err := strconv.Atoi(string(data))
if err != nil {
return errors.Wrapf(err, "cannot parse PID %q", data)
}
became, ret, err := rootless.JoinDirectUserAndMountNS(uint(conmonPid))
if err != nil {
return err
}
if became {
os.Exit(ret)
}
} else {
became, ret, err := rootless.BecomeRootInUserNS()
if err != nil {
return err
}
if became {
os.Exit(ret)
}
}
}
return ctr.Export(output) return ctr.Export(output)
} }

1
cmd/podman/main.go
View File

@@ -30,6 +30,7 @@ var cmdsNotRequiringRootless = map[string]bool{
"version": true, "version": true,
"create": true, "create": true,
"exec": true, "exec": true,
"export": true,
// `info` must be executed in an user namespace. // `info` must be executed in an user namespace.
// If this change, please also update libpod.refreshRootless() // If this change, please also update libpod.refreshRootless()
"login": true, "login": true,