chrootuser: default to GID 0 when given a numeric --user

When we're given a numeric --user value, default to GID 0 if the numeric
ID doesn't correspond to a user entry in /etc/passwd that can provide us
with the user's primary group ID.

Make sure that GetAdditionalGroupsForUser() returns wrapped errors.

Also test various user:group forms.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #728
Approved by: mheon
Nalin Dahyabhai
2018-05-04 11:26:56 -04:00
committed by Atomic Bot
parent 796d6c894a
commit e686269da3
4 changed files with 45 additions and 14 deletions


@ -1119,13 +1119,15 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
}
// Look up and add groups the user belongs to
groups, err := chrootuser.GetAdditionalGroupsForUser(c.state.Mountpoint, uint64(g.Spec().Process.User.UID))
if err != nil && err != chrootuser.ErrNoSuchUser {
return nil, err
}
for _, gid := range groups {
g.AddProcessAdditionalGid(gid)
// Look up and add groups the user belongs to, if a group wasn't directly specified
if !strings.Contains(c.config.User, ":") {
groups, err := chrootuser.GetAdditionalGroupsForUser(c.state.Mountpoint, uint64(g.Spec().Process.User.UID))
if err != nil && errors.Cause(err) != chrootuser.ErrNoSuchUser {
return nil, err
}
for _, gid := range groups {
g.AddProcessAdditionalGid(gid)
}
}
// Add shared namespaces from other containers