Merge pull request #22328 from giuseppe/drop-ReadMappingsProc
rootless: drop function ReadMappingsProc
@ -18,6 +18,8 @@ import (
|
|||||||
"github.com/containers/common/pkg/version"
|
"github.com/containers/common/pkg/version"
|
||||||
"github.com/containers/podman/v5/libpod/define"
|
"github.com/containers/podman/v5/libpod/define"
|
||||||
"github.com/containers/podman/v5/pkg/rootless"
|
"github.com/containers/podman/v5/pkg/rootless"
|
||||||
|
"github.com/containers/podman/v5/pkg/util"
|
||||||
|
"github.com/containers/storage/pkg/unshare"
|
||||||
"github.com/opencontainers/selinux/go-selinux"
|
"github.com/opencontainers/selinux/go-selinux"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
@ -91,17 +93,13 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if rootless.IsRootless() {
|
if rootless.IsRootless() {
|
||||||
uidmappings, err := rootless.ReadMappingsProc("/proc/self/uid_map")
|
uidmappings, gidmappings, err := unshare.GetHostIDMappings("")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("reading uid mappings: %w", err)
|
return fmt.Errorf("reading id mappings: %w", err)
|
||||||
}
|
|
||||||
gidmappings, err := rootless.ReadMappingsProc("/proc/self/gid_map")
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("reading gid mappings: %w", err)
|
|
||||||
}
|
}
|
||||||
idmappings := define.IDMappings{
|
idmappings := define.IDMappings{
|
||||||
GIDMap: gidmappings,
|
GIDMap: util.RuntimeSpecToIDtools(gidmappings),
|
||||||
UIDMap: uidmappings,
|
UIDMap: util.RuntimeSpecToIDtools(uidmappings),
|
||||||
}
|
}
|
||||||
info.IDMappings = idmappings
|
info.IDMappings = idmappings
|
||||||
}
|
}
|
||||||
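Review bot: The empty-string argument in `unshare.GetHostIDMappings("")` inside `setPlatformHostInfo` hides which process's maps are read, whereas the removed calls named `/proc/self/uid_map` and `/proc/self/gid_map` explicitly. A short comment such as `// "" selects the calling process, i.e. /proc/self/{uid,gid}_map` would keep that visible; this assumes the unshare helper treats an empty pid as the current process, which is not shown on this page. The same call appears in `ConfigurationMatches` and `GetKeepIDMapping`. The merged error text `reading id mappings` also no longer says whether the uid or the gid map failed, so it is worth confirming that the wrapped error still carries the path.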
|
@ -57,11 +57,6 @@ func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error)
|
|||||||
return nil, nil, errors.New("this function is not supported on this os")
|
return nil, nil, errors.New("this function is not supported on this os")
|
||||||
}
|
}
|
||||||
|
|
||||||
// ReadMappingsProc returns the uid_map and gid_map
|
|
||||||
func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsFdInherited checks whether the fd is opened and valid to use
|
// IsFdInherited checks whether the fd is opened and valid to use
|
||||||
func IsFdInherited(fd int) bool {
|
func IsFdInherited(fd int) bool {
|
||||||
return int(C.is_fd_inherited(C.int(fd))) > 0
|
return int(C.is_fd_inherited(C.int(fd))) > 0
|
||||||
|
@ -3,11 +3,9 @@
|
|||||||
package rootless
|
package rootless
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bufio"
|
|
||||||
"bytes"
|
"bytes"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
gosignal "os/signal"
|
gosignal "os/signal"
|
||||||
@ -22,6 +20,7 @@ import (
|
|||||||
"github.com/containers/storage/pkg/idtools"
|
"github.com/containers/storage/pkg/idtools"
|
||||||
pmount "github.com/containers/storage/pkg/mount"
|
pmount "github.com/containers/storage/pkg/mount"
|
||||||
"github.com/containers/storage/pkg/unshare"
|
"github.com/containers/storage/pkg/unshare"
|
||||||
|
"github.com/opencontainers/runtime-spec/specs-go"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"github.com/syndtr/gocapability/capability"
|
"github.com/syndtr/gocapability/capability"
|
||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
@ -514,40 +513,9 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
|
|||||||
return false, 0, fmt.Errorf("could not find any running process: %w", unix.ESRCH)
|
return false, 0, fmt.Errorf("could not find any running process: %w", unix.ESRCH)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ReadMappingsProc parses and returns the ID mappings at the specified path.
|
func matches(id int, configuredIDs []idtools.IDMap, currentIDs []specs.LinuxIDMapping) bool {
|
||||||
func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
|
|
||||||
file, err := os.Open(path)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
defer file.Close()
|
|
||||||
|
|
||||||
mappings := []idtools.IDMap{}
|
|
||||||
|
|
||||||
buf := bufio.NewReader(file)
|
|
||||||
for {
|
|
||||||
line, _, err := buf.ReadLine()
|
|
||||||
if err != nil {
|
|
||||||
if err == io.EOF {
|
|
||||||
return mappings, nil
|
|
||||||
}
|
|
||||||
return nil, fmt.Errorf("cannot read line from %s: %w", path, err)
|
|
||||||
}
|
|
||||||
if line == nil {
|
|
||||||
return mappings, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
containerID, hostID, size := 0, 0, 0
|
|
||||||
if _, err := fmt.Sscanf(string(line), "%d %d %d", &containerID, &hostID, &size); err != nil {
|
|
||||||
return nil, fmt.Errorf("cannot parse %s: %w", string(line), err)
|
|
||||||
}
|
|
||||||
mappings = append(mappings, idtools.IDMap{ContainerID: containerID, HostID: hostID, Size: size})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func matches(id int, configuredIDs []idtools.IDMap, currentIDs []idtools.IDMap) bool {
|
|
||||||
// The first mapping is the host user, handle it separately.
|
// The first mapping is the host user, handle it separately.
|
||||||
if currentIDs[0].HostID != id || currentIDs[0].Size != 1 {
|
if currentIDs[0].HostID != uint32(id) || currentIDs[0].Size != 1 {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -558,10 +526,10 @@ func matches(id int, configuredIDs []idtools.IDMap, currentIDs []idtools.IDMap)
|
|||||||
|
|
||||||
// It is fine to iterate sequentially as both slices are sorted.
|
// It is fine to iterate sequentially as both slices are sorted.
|
||||||
for i := range currentIDs {
|
for i := range currentIDs {
|
||||||
if currentIDs[i].HostID != configuredIDs[i].HostID {
|
if currentIDs[i].HostID != uint32(configuredIDs[i].HostID) {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if currentIDs[i].Size != configuredIDs[i].Size {
|
if currentIDs[i].Size != uint32(configuredIDs[i].Size) {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -581,7 +549,7 @@ func ConfigurationMatches() (bool, error) {
|
|||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
currentUIDs, err := ReadMappingsProc("/proc/self/uid_map")
|
currentUIDs, currentGIDs, err := unshare.GetHostIDMappings("")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
@ -590,11 +558,6 @@ func ConfigurationMatches() (bool, error) {
|
|||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
currentGIDs, err := ReadMappingsProc("/proc/self/gid_map")
|
|
||||||
if err != nil {
|
|
||||||
return false, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return matches(GetRootlessGID(), gids, currentGIDs), nil
|
return matches(GetRootlessGID(), gids, currentGIDs), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
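Review bot: The new `uint32(id)`, `uint32(configuredIDs[i].HostID)` and `uint32(configuredIDs[i].Size)` conversions in `matches` narrow an `int` before comparing, so a negative or out-of-range configured value would wrap and could compare equal to a kernel-reported mapping it does not actually match. Widening both sides keeps the comparison exact, e.g. `int64(currentIDs[0].HostID) != int64(id)` and `int64(currentIDs[i].HostID) != int64(configuredIDs[i].HostID)`. Separately, `currentIDs[0]` is read on the first line of the body with no length check, and the `ConfigurationMatches` hunk passes the `unshare.GetHostIDMappings` result straight in; `if len(currentIDs) == 0 { return false }` would avoid a panic if that call ever yields no entries. The middle of `matches` lies between the two hunks and is not visible here.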
|
@ -60,11 +60,6 @@ func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error)
|
|||||||
return nil, nil, errors.New("this function is not supported on this os")
|
return nil, nil, errors.New("this function is not supported on this os")
|
||||||
}
|
}
|
||||||
|
|
||||||
// ReadMappingsProc returns the uid_map and gid_map
|
|
||||||
func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsFdInherited checks whether the fd is opened and valid to use
|
// IsFdInherited checks whether the fd is opened and valid to use
|
||||||
func IsFdInherited(fd int) bool {
|
func IsFdInherited(fd int) bool {
|
||||||
return false
|
return false
|
||||||
|
@ -26,6 +26,7 @@ import (
|
|||||||
"github.com/containers/podman/v5/pkg/signal"
|
"github.com/containers/podman/v5/pkg/signal"
|
||||||
"github.com/containers/storage/pkg/directory"
|
"github.com/containers/storage/pkg/directory"
|
||||||
"github.com/containers/storage/pkg/idtools"
|
"github.com/containers/storage/pkg/idtools"
|
||||||
|
"github.com/containers/storage/pkg/unshare"
|
||||||
stypes "github.com/containers/storage/types"
|
stypes "github.com/containers/storage/types"
|
||||||
securejoin "github.com/cyphar/filepath-securejoin"
|
securejoin "github.com/cyphar/filepath-securejoin"
|
||||||
ruser "github.com/moby/sys/user"
|
ruser "github.com/moby/sys/user"
|
||||||
@ -221,16 +222,12 @@ func GetKeepIDMapping(opts *namespaces.KeepIDUserNsOptions) (*stypes.IDMappingOp
|
|||||||
HostUIDMapping: false,
|
HostUIDMapping: false,
|
||||||
HostGIDMapping: false,
|
HostGIDMapping: false,
|
||||||
}
|
}
|
||||||
uids, err := rootless.ReadMappingsProc("/proc/self/uid_map")
|
uids, gids, err := unshare.GetHostIDMappings("")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, 0, 0, err
|
return nil, 0, 0, err
|
||||||
}
|
}
|
||||||
gids, err := rootless.ReadMappingsProc("/proc/self/gid_map")
|
options.UIDMap = RuntimeSpecToIDtools(uids)
|
||||||
if err != nil {
|
options.GIDMap = RuntimeSpecToIDtools(gids)
|
||||||
return nil, 0, 0, err
|
|
||||||
}
|
|
||||||
options.UIDMap = uids
|
|
||||||
options.GIDMap = gids
|
|
||||||
|
|
||||||
uid, gid := 0, 0
|
uid, gid := 0, 0
|
||||||
if opts.UID != nil {
|
if opts.UID != nil {
|
||||||
|