Merge pull request #22328 from giuseppe/drop-ReadMappingsProc

rootless: drop function ReadMappingsProc
openshift-merge-bot[bot]
2024-04-10 12:20:07 +00:00
committed by GitHub
5 changed files with 16 additions and 68 deletions


@ -18,6 +18,8 @@ import (
"github.com/containers/common/pkg/version" "github.com/containers/common/pkg/version"
"github.com/containers/podman/v5/libpod/define" "github.com/containers/podman/v5/libpod/define"
"github.com/containers/podman/v5/pkg/rootless" "github.com/containers/podman/v5/pkg/rootless"
"github.com/containers/podman/v5/pkg/util"
"github.com/containers/storage/pkg/unshare"
"github.com/opencontainers/selinux/go-selinux" "github.com/opencontainers/selinux/go-selinux"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
@ -91,17 +93,13 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error {
} }
if rootless.IsRootless() { if rootless.IsRootless() {
uidmappings, err := rootless.ReadMappingsProc("/proc/self/uid_map") uidmappings, gidmappings, err := unshare.GetHostIDMappings("")
if err != nil { if err != nil {
return fmt.Errorf("reading uid mappings: %w", err) return fmt.Errorf("reading id mappings: %w", err)
}
gidmappings, err := rootless.ReadMappingsProc("/proc/self/gid_map")
if err != nil {
return fmt.Errorf("reading gid mappings: %w", err)
} }
idmappings := define.IDMappings{ idmappings := define.IDMappings{
GIDMap: gidmappings, GIDMap: util.RuntimeSpecToIDtools(gidmappings),
UIDMap: uidmappings, UIDMap: util.RuntimeSpecToIDtools(uidmappings),
} }
info.IDMappings = idmappings info.IDMappings = idmappings
} }
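Review bot: The empty-string argument in `unshare.GetHostIDMappings("")` is not self-explanatory, where the replaced lines named `/proc/self/uid_map` and `/proc/self/gid_map` outright; a comment such as `// "" selects the calling process, i.e. /proc/self/{uid,gid}_map` above the call would keep that visible. The same call appears in ConfigurationMatches and GetKeepIDMapping later in this commit and deserves the same comment. The merged error text `reading id mappings` no longer says which map failed, so it is worth confirming that the wrapped error from the unshare package names the file. setPlatformHostInfo begins and ends outside this hunk.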


@ -57,11 +57,6 @@ func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error)
return nil, nil, errors.New("this function is not supported on this os") return nil, nil, errors.New("this function is not supported on this os")
} }
// ReadMappingsProc returns the uid_map and gid_map
func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
return nil, nil
}
// IsFdInherited checks whether the fd is opened and valid to use // IsFdInherited checks whether the fd is opened and valid to use
func IsFdInherited(fd int) bool { func IsFdInherited(fd int) bool {
return int(C.is_fd_inherited(C.int(fd))) > 0 return int(C.is_fd_inherited(C.int(fd))) > 0


@ -3,11 +3,9 @@
package rootless package rootless
import ( import (
"bufio"
"bytes" "bytes"
"errors" "errors"
"fmt" "fmt"
"io"
"os" "os"
"os/exec" "os/exec"
gosignal "os/signal" gosignal "os/signal"
@ -22,6 +20,7 @@ import (
"github.com/containers/storage/pkg/idtools" "github.com/containers/storage/pkg/idtools"
pmount "github.com/containers/storage/pkg/mount" pmount "github.com/containers/storage/pkg/mount"
"github.com/containers/storage/pkg/unshare" "github.com/containers/storage/pkg/unshare"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/syndtr/gocapability/capability" "github.com/syndtr/gocapability/capability"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
@ -514,40 +513,9 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
return false, 0, fmt.Errorf("could not find any running process: %w", unix.ESRCH) return false, 0, fmt.Errorf("could not find any running process: %w", unix.ESRCH)
} }
// ReadMappingsProc parses and returns the ID mappings at the specified path. func matches(id int, configuredIDs []idtools.IDMap, currentIDs []specs.LinuxIDMapping) bool {
func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
file, err := os.Open(path)
if err != nil {
return nil, err
}
defer file.Close()
mappings := []idtools.IDMap{}
buf := bufio.NewReader(file)
for {
line, _, err := buf.ReadLine()
if err != nil {
if err == io.EOF {
return mappings, nil
}
return nil, fmt.Errorf("cannot read line from %s: %w", path, err)
}
if line == nil {
return mappings, nil
}
containerID, hostID, size := 0, 0, 0
if _, err := fmt.Sscanf(string(line), "%d %d %d", &containerID, &hostID, &size); err != nil {
return nil, fmt.Errorf("cannot parse %s: %w", string(line), err)
}
mappings = append(mappings, idtools.IDMap{ContainerID: containerID, HostID: hostID, Size: size})
}
}
func matches(id int, configuredIDs []idtools.IDMap, currentIDs []idtools.IDMap) bool {
// The first mapping is the host user, handle it separately. // The first mapping is the host user, handle it separately.
if currentIDs[0].HostID != id || currentIDs[0].Size != 1 { if currentIDs[0].HostID != uint32(id) || currentIDs[0].Size != 1 {
return false return false
} }
@ -558,10 +526,10 @@ func matches(id int, configuredIDs []idtools.IDMap, currentIDs []idtools.IDMap)
// It is fine to iterate sequentially as both slices are sorted. // It is fine to iterate sequentially as both slices are sorted.
for i := range currentIDs { for i := range currentIDs {
if currentIDs[i].HostID != configuredIDs[i].HostID { if currentIDs[i].HostID != uint32(configuredIDs[i].HostID) {
return false return false
} }
if currentIDs[i].Size != configuredIDs[i].Size { if currentIDs[i].Size != uint32(configuredIDs[i].Size) {
return false return false
} }
} }
@ -581,7 +549,7 @@ func ConfigurationMatches() (bool, error) {
return false, err return false, err
} }
currentUIDs, err := ReadMappingsProc("/proc/self/uid_map") currentUIDs, currentGIDs, err := unshare.GetHostIDMappings("")
if err != nil { if err != nil {
return false, err return false, err
} }
@ -590,11 +558,6 @@ func ConfigurationMatches() (bool, error) {
return false, err return false, err
} }
currentGIDs, err := ReadMappingsProc("/proc/self/gid_map")
if err != nil {
return false, err
}
return matches(GetRootlessGID(), gids, currentGIDs), nil return matches(GetRootlessGID(), gids, currentGIDs), nil
} }
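Review bot: `matches` indexes `currentIDs[0]` in its first statement with no length check in the visible lines, so an empty slice returned by `unshare.GetHostIDMappings("")` would panic instead of reporting a mismatch; adding `if len(currentIDs) == 0 { return false }` ahead of it makes the comparison fail closed. Whether the new helper can return an empty slice together with a nil error is not visible here, so treat this as a defensive guard. The new `uint32(id)` and `uint32(configuredIDs[i].HostID)` conversions also narrow from `int` silently, and a one-line comment stating that IDs are expected to fit in 32 bits would record why that is safe. Part of the function body lies between the two hunks and is not shown.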


@ -60,11 +60,6 @@ func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error)
return nil, nil, errors.New("this function is not supported on this os") return nil, nil, errors.New("this function is not supported on this os")
} }
// ReadMappingsProc returns the uid_map and gid_map
func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
return nil, nil
}
// IsFdInherited checks whether the fd is opened and valid to use // IsFdInherited checks whether the fd is opened and valid to use
func IsFdInherited(fd int) bool { func IsFdInherited(fd int) bool {
return false return false


@ -26,6 +26,7 @@ import (
"github.com/containers/podman/v5/pkg/signal" "github.com/containers/podman/v5/pkg/signal"
"github.com/containers/storage/pkg/directory" "github.com/containers/storage/pkg/directory"
"github.com/containers/storage/pkg/idtools" "github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/unshare"
stypes "github.com/containers/storage/types" stypes "github.com/containers/storage/types"
securejoin "github.com/cyphar/filepath-securejoin" securejoin "github.com/cyphar/filepath-securejoin"
ruser "github.com/moby/sys/user" ruser "github.com/moby/sys/user"
@ -221,16 +222,12 @@ func GetKeepIDMapping(opts *namespaces.KeepIDUserNsOptions) (*stypes.IDMappingOp
HostUIDMapping: false, HostUIDMapping: false,
HostGIDMapping: false, HostGIDMapping: false,
} }
uids, err := rootless.ReadMappingsProc("/proc/self/uid_map") uids, gids, err := unshare.GetHostIDMappings("")
if err != nil { if err != nil {
return nil, 0, 0, err return nil, 0, 0, err
} }
gids, err := rootless.ReadMappingsProc("/proc/self/gid_map") options.UIDMap = RuntimeSpecToIDtools(uids)
if err != nil { options.GIDMap = RuntimeSpecToIDtools(gids)
return nil, 0, 0, err
}
options.UIDMap = uids
options.GIDMap = gids
uid, gid := 0, 0 uid, gid := 0, 0
if opts.UID != nil { if opts.UID != nil {