diff --git a/libpod/info_linux.go b/libpod/info_linux.go
index ee34c8e200..1e6bed8c89 100644
--- a/libpod/info_linux.go
+++ b/libpod/info_linux.go
@@ -18,6 +18,8 @@ import (
 "github.com/containers/common/pkg/version"
 "github.com/containers/podman/v5/libpod/define"
 "github.com/containers/podman/v5/pkg/rootless"
+ "github.com/containers/podman/v5/pkg/util"
+ "github.com/containers/storage/pkg/unshare"
 "github.com/opencontainers/selinux/go-selinux"
 "github.com/sirupsen/logrus"
 )
@@ -91,17 +93,13 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error {
 }
 if rootless.IsRootless() {
- uidmappings, err := rootless.ReadMappingsProc("/proc/self/uid_map")
+ uidmappings, gidmappings, err := unshare.GetHostIDMappings("")
 if err != nil {
- return fmt.Errorf("reading uid mappings: %w", err)
- }
- gidmappings, err := rootless.ReadMappingsProc("/proc/self/gid_map")
- if err != nil {
- return fmt.Errorf("reading gid mappings: %w", err)
+ return fmt.Errorf("reading id mappings: %w", err)
 }
 idmappings := define.IDMappings{
- GIDMap: gidmappings,
- UIDMap: uidmappings,
+ GIDMap: util.RuntimeSpecToIDtools(gidmappings),
+ UIDMap: util.RuntimeSpecToIDtools(uidmappings),
 }
 info.IDMappings = idmappings
 }
diff --git a/pkg/rootless/rootless_freebsd.go b/pkg/rootless/rootless_freebsd.go
index 2a459398b3..28c1a5e15d 100644
--- a/pkg/rootless/rootless_freebsd.go
+++ b/pkg/rootless/rootless_freebsd.go
@@ -57,11 +57,6 @@ func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error)
 return nil, nil, errors.New("this function is not supported on this os")
 }
-// ReadMappingsProc returns the uid_map and gid_map
-func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
- return nil, nil
-}
-
 // IsFdInherited checks whether the fd is opened and valid to use
 func IsFdInherited(fd int) bool {
 return int(C.is_fd_inherited(C.int(fd))) > 0
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 40f81301fb..61133ababa 100644
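Review bot: The empty-string argument in `unshare.GetHostIDMappings("")` in setPlatformHostInfo is not self-explanatory now that the explicit `/proc/self/uid_map` and `/proc/self/gid_map` paths are gone from the call site. A short comment above the call, such as `// "" selects the current process, i.e. /proc/self/{uid,gid}_map`, would keep that visible; this assumes the helper treats an empty pid as the calling process, which should be confirmed against containers/storage. The same bare `""` appears in ConfigurationMatches in pkg/rootless/rootless_linux.go and in GetKeepIDMapping in pkg/util/utils.go. The function body starts and ends outside this hunk.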
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -3,11 +3,9 @@
 package rootless
 import (
- "bufio"
 "bytes"
 "errors"
 "fmt"
- "io"
 "os"
 "os/exec"
 gosignal "os/signal"
@@ -22,6 +20,7 @@ import (
 "github.com/containers/storage/pkg/idtools"
 pmount "github.com/containers/storage/pkg/mount"
 "github.com/containers/storage/pkg/unshare"
+ "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/sirupsen/logrus"
 "github.com/syndtr/gocapability/capability"
 "golang.org/x/sys/unix"
@@ -514,40 +513,9 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
 return false, 0, fmt.Errorf("could not find any running process: %w", unix.ESRCH)
 }
-// ReadMappingsProc parses and returns the ID mappings at the specified path.
-func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
- file, err := os.Open(path)
- if err != nil {
- return nil, err
- }
- defer file.Close()
-
- mappings := []idtools.IDMap{}
-
- buf := bufio.NewReader(file)
- for {
- line, _, err := buf.ReadLine()
- if err != nil {
- if err == io.EOF {
- return mappings, nil
- }
- return nil, fmt.Errorf("cannot read line from %s: %w", path, err)
- }
- if line == nil {
- return mappings, nil
- }
-
- containerID, hostID, size := 0, 0, 0
- if _, err := fmt.Sscanf(string(line), "%d %d %d", &containerID, &hostID, &size); err != nil {
- return nil, fmt.Errorf("cannot parse %s: %w", string(line), err)
- }
- mappings = append(mappings, idtools.IDMap{ContainerID: containerID, HostID: hostID, Size: size})
- }
-}
-
-func matches(id int, configuredIDs []idtools.IDMap, currentIDs []idtools.IDMap) bool {
+func matches(id int, configuredIDs []idtools.IDMap, currentIDs []specs.LinuxIDMapping) bool {
 // The first mapping is the host user, handle it separately.
- if currentIDs[0].HostID != id || currentIDs[0].Size != 1 {
+ if currentIDs[0].HostID != uint32(id) || currentIDs[0].Size != 1 {
 return false
 }
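Review bot: `matches` indexes `currentIDs[0]` in its first statement with no length check, so an empty mapping slice would panic with an index out of range instead of reporting a mismatch. The slice now comes from `unshare.GetHostIDMappings("")`, and whether that helper can return an empty slice without an error is not visible here, so a guard such as `if len(currentIDs) == 0 { return false }` ahead of the comparison would make the check fail closed. The rest of matches continues outside this hunk.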
@@ -558,10 +526,10 @@ func matches(id int, configuredIDs []idtools.IDMap, currentIDs []idtools.IDMap)
 // It is fine to iterate sequentially as both slices are sorted.
 for i := range currentIDs {
- if currentIDs[i].HostID != configuredIDs[i].HostID {
+ if currentIDs[i].HostID != uint32(configuredIDs[i].HostID) {
 return false
 }
- if currentIDs[i].Size != configuredIDs[i].Size {
+ if currentIDs[i].Size != uint32(configuredIDs[i].Size) {
 return false
 }
 }
@@ -581,7 +549,7 @@ func ConfigurationMatches() (bool, error) {
 return false, err
 }
- currentUIDs, err := ReadMappingsProc("/proc/self/uid_map")
+ currentUIDs, currentGIDs, err := unshare.GetHostIDMappings("")
 if err != nil {
 return false, err
 }
@@ -590,11 +558,6 @@ func ConfigurationMatches() (bool, error) {
 return false, err
 }
- currentGIDs, err := ReadMappingsProc("/proc/self/gid_map")
- if err != nil {
- return false, err
- }
-
 return matches(GetRootlessGID(), gids, currentGIDs), nil
 }
diff --git a/pkg/rootless/rootless_unsupported.go b/pkg/rootless/rootless_unsupported.go
index 587fb4cb96..0d587644fd 100644
--- a/pkg/rootless/rootless_unsupported.go
+++ b/pkg/rootless/rootless_unsupported.go
@@ -60,11 +60,6 @@ func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error)
 return nil, nil, errors.New("this function is not supported on this os")
 }
-// ReadMappingsProc returns the uid_map and gid_map
-func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
- return nil, nil
-}
-
 // IsFdInherited checks whether the fd is opened and valid to use
 func IsFdInherited(fd int) bool {
 return false
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index 2170911552..95e9aba704 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
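Review bot: The loop comparisons narrow the configured values with `uint32(configuredIDs[i].HostID)` and `uint32(configuredIDs[i].Size)`, so a configured value outside the 32-bit range would wrap and could compare equal to an unrelated kernel mapping. Widening both sides avoids that, e.g. `if int64(currentIDs[i].HostID) != int64(configuredIDs[i].HostID) {` and the same for `Size`; `uint32(id)` in the previous hunk has the same shape. The loop also indexes `configuredIDs[i]` while ranging over `currentIDs`, which relies on a length comparison that presumably sits in the lines between the two hunks. The function starts and ends outside this hunk.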
@@ -26,6 +26,7 @@ import (
 "github.com/containers/podman/v5/pkg/signal"
 "github.com/containers/storage/pkg/directory"
 "github.com/containers/storage/pkg/idtools"
+ "github.com/containers/storage/pkg/unshare"
 stypes "github.com/containers/storage/types"
 securejoin "github.com/cyphar/filepath-securejoin"
 ruser "github.com/moby/sys/user"
@@ -221,16 +222,12 @@ func GetKeepIDMapping(opts *namespaces.KeepIDUserNsOptions) (*stypes.IDMappingOp
 HostUIDMapping: false,
 HostGIDMapping: false,
 }
- uids, err := rootless.ReadMappingsProc("/proc/self/uid_map")
+ uids, gids, err := unshare.GetHostIDMappings("")
 if err != nil {
 return nil, 0, 0, err
 }
- gids, err := rootless.ReadMappingsProc("/proc/self/gid_map")
- if err != nil {
- return nil, 0, 0, err
- }
- options.UIDMap = uids
- options.GIDMap = gids
+ options.UIDMap = RuntimeSpecToIDtools(uids)
+ options.GIDMap = RuntimeSpecToIDtools(gids)
 uid, gid := 0, 0
 if opts.UID != nil {