Merge pull request #3786 from giuseppe/fix-rootless-checks
rootless: drop some superfluous checks
@ -78,7 +78,7 @@ func podCreateCmd(c *cliconfig.PodCreateValues) error {
|
|||||||
if !c.Infra && c.Flag("share").Changed && c.Share != "none" && c.Share != "" {
|
if !c.Infra && c.Flag("share").Changed && c.Share != "none" && c.Share != "" {
|
||||||
return errors.Errorf("You cannot share kernel namespaces on the pod level without an infra container")
|
return errors.Errorf("You cannot share kernel namespaces on the pod level without an infra container")
|
||||||
}
|
}
|
||||||
if c.Flag("pod-id-file").Changed && os.Geteuid() == 0 {
|
if c.Flag("pod-id-file").Changed {
|
||||||
podIdFile, err = util.OpenExclusiveFile(c.PodIDFile)
|
podIdFile, err = util.OpenExclusiveFile(c.PodIDFile)
|
||||||
if err != nil && os.IsExist(err) {
|
if err != nil && os.IsExist(err) {
|
||||||
return errors.Errorf("pod id file exists. Ensure another pod is not using it or delete %s", c.PodIDFile)
|
return errors.Errorf("pod id file exists. Ensure another pod is not using it or delete %s", c.PodIDFile)
|
||||||
|
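Review bot: Only the `os.IsExist` case of the `util.OpenExclusiveFile` error is handled in the visible lines of podCreateCmd, and with the `os.Geteuid() == 0` guard gone unprivileged invocations now reach this open, where other failures (for example a target directory the user cannot write to) are more likely. The block continues past the end of the hunk, so confirm that a general `if err != nil` return follows before `podIdFile` is used. The same question applies to the `cidfile` open in the CreateContainer hunk, which drops the same guard. Both messages interpolate the user-supplied path with `%s`; `%q` would make an empty or oddly quoted path visible in the error.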
@ -15,6 +15,8 @@ import (
|
|||||||
"github.com/containers/libpod/libpod"
|
"github.com/containers/libpod/libpod"
|
||||||
"github.com/containers/libpod/libpod/define"
|
"github.com/containers/libpod/libpod/define"
|
||||||
"github.com/containers/libpod/pkg/adapter"
|
"github.com/containers/libpod/pkg/adapter"
|
||||||
|
"github.com/containers/libpod/pkg/cgroups"
|
||||||
|
"github.com/containers/libpod/pkg/rootless"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
)
|
)
|
||||||
@ -53,9 +55,14 @@ func init() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func podStatsCmd(c *cliconfig.PodStatsValues) error {
|
func podStatsCmd(c *cliconfig.PodStatsValues) error {
|
||||||
|
if rootless.IsRootless() {
|
||||||
if os.Geteuid() != 0 {
|
unified, err := cgroups.IsCgroup2UnifiedMode()
|
||||||
return errors.New("stats is not supported in rootless mode")
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !unified {
|
||||||
|
return errors.New("stats is not supported in rootless mode without cgroups v2")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
format := c.Format
|
format := c.Format
|
||||||
|
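Review bot: The error from `cgroups.IsCgroup2UnifiedMode()` is returned bare in podStatsCmd, so the user gets a low-level failure with no hint that it came from the rootless stats check; `return errors.Wrap(err, "cannot determine cgroup mode")` keeps the cause and adds context, and github.com/pkg/errors is already imported here. The same block, with the same message, is added to statsCmd in the later stats hunk, so a small shared helper would keep the two checks from drifting apart. The gate also moves from `os.Geteuid() != 0` to `rootless.IsRootless()`; presumably the two agree for every way the binary is launched, but that depends on IsRootless, which this page does not show, so a one-line comment stating why the rootless check is the right one would help.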
@ -55,7 +55,7 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.
|
|||||||
rootfs = c.InputArgs[0]
|
rootfs = c.InputArgs[0]
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.IsSet("cidfile") && os.Geteuid() == 0 {
|
if c.IsSet("cidfile") {
|
||||||
cidFile, err = util.OpenExclusiveFile(c.String("cidfile"))
|
cidFile, err = util.OpenExclusiveFile(c.String("cidfile"))
|
||||||
if err != nil && os.IsExist(err) {
|
if err != nil && os.IsExist(err) {
|
||||||
return nil, nil, errors.Errorf("container id file exists. Ensure another container is not using it or delete %s", c.String("cidfile"))
|
return nil, nil, errors.Errorf("container id file exists. Ensure another container is not using it or delete %s", c.String("cidfile"))
|
||||||
@ -70,8 +70,8 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.
|
|||||||
imageName := ""
|
imageName := ""
|
||||||
var data *inspect.ImageData = nil
|
var data *inspect.ImageData = nil
|
||||||
|
|
||||||
// Set the storage if we are running as euid == 0 and there is no rootfs specified
|
// Set the storage if there is no rootfs specified
|
||||||
if rootfs == "" && os.Geteuid() == 0 {
|
if rootfs == "" {
|
||||||
var writer io.Writer
|
var writer io.Writer
|
||||||
if !c.Bool("quiet") {
|
if !c.Bool("quiet") {
|
||||||
writer = os.Stderr
|
writer = os.Stderr
|
||||||
|
@ -2,7 +2,6 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
|
||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
@ -13,6 +12,8 @@ import (
|
|||||||
"github.com/containers/libpod/cmd/podman/libpodruntime"
|
"github.com/containers/libpod/cmd/podman/libpodruntime"
|
||||||
"github.com/containers/libpod/libpod"
|
"github.com/containers/libpod/libpod"
|
||||||
"github.com/containers/libpod/libpod/define"
|
"github.com/containers/libpod/libpod/define"
|
||||||
|
"github.com/containers/libpod/pkg/cgroups"
|
||||||
|
"github.com/containers/libpod/pkg/rootless"
|
||||||
"github.com/docker/go-units"
|
"github.com/docker/go-units"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
@ -66,8 +67,14 @@ func init() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func statsCmd(c *cliconfig.StatsValues) error {
|
func statsCmd(c *cliconfig.StatsValues) error {
|
||||||
if os.Geteuid() != 0 {
|
if rootless.IsRootless() {
|
||||||
return errors.New("stats is not supported for rootless containers")
|
unified, err := cgroups.IsCgroup2UnifiedMode()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !unified {
|
||||||
|
return errors.New("stats is not supported in rootless mode without cgroups v2")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
all := c.All
|
all := c.All
|
||||||
|
@ -352,7 +352,6 @@ func startCommandGivenSelinux(cmd *exec.Cmd) error {
|
|||||||
// it then signals for conmon to start by sending nonse data down the start fd
|
// it then signals for conmon to start by sending nonse data down the start fd
|
||||||
func (r *OCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec.Cmd, startFd *os.File, uuid string) error {
|
func (r *OCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec.Cmd, startFd *os.File, uuid string) error {
|
||||||
cgroupParent := ctr.CgroupParent()
|
cgroupParent := ctr.CgroupParent()
|
||||||
if os.Geteuid() == 0 {
|
|
||||||
if r.cgroupManager == SystemdCgroupsManager {
|
if r.cgroupManager == SystemdCgroupsManager {
|
||||||
unitName := createUnitName("libpod-conmon", ctr.ID())
|
unitName := createUnitName("libpod-conmon", ctr.ID())
|
||||||
|
|
||||||
@ -379,7 +378,6 @@ func (r *OCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec.Cmd,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* We set the cgroup, now the child can start creating children */
|
/* We set the cgroup, now the child can start creating children */
|
||||||
if err := writeConmonPipeData(startFd); err != nil {
|
if err := writeConmonPipeData(startFd); err != nil {
|
||||||
|
@ -238,11 +238,6 @@ func (config *CreateConfig) parseVolumes(runtime *libpod.Runtime) ([]spec.Mount,
|
|||||||
// Conflicts are resolved simply - the last container specified wins.
|
// Conflicts are resolved simply - the last container specified wins.
|
||||||
// Container names may be suffixed by mount options after a colon.
|
// Container names may be suffixed by mount options after a colon.
|
||||||
func (config *CreateConfig) getVolumesFrom(runtime *libpod.Runtime) (map[string]spec.Mount, map[string]*libpod.ContainerNamedVolume, error) {
|
func (config *CreateConfig) getVolumesFrom(runtime *libpod.Runtime) (map[string]spec.Mount, map[string]*libpod.ContainerNamedVolume, error) {
|
||||||
// TODO: This can probably be disabled now
|
|
||||||
if os.Geteuid() != 0 {
|
|
||||||
return nil, nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Both of these are maps of mount destination to mount type.
|
// Both of these are maps of mount destination to mount type.
|
||||||
// We ensure that each destination is only mounted to once in this way.
|
// We ensure that each destination is only mounted to once in this way.
|
||||||
finalMounts := make(map[string]spec.Mount)
|
finalMounts := make(map[string]spec.Mount)
|
||||||
|