We cannot re-exec into a new user namespace to gain privileges and access an existing container, because the new namespace is not the owner of the existing container. "unshare" is used to join the user namespace of the target container. The current implementation assumes that the main process of the container didn't create a new user namespace. Since in the setup phase we are not running with euid=0, we must skip the setup for containers/storage. Closes: https://github.com/containers/libpod/issues/1329 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
// +build !linux
|
|
|
|
package rootless
import (
"github.com/pkg/errors"
)
// IsRootless reports whether the process is running in rootless mode.
//
// This file is built only for non-Linux targets (see the build constraint at
// the top of the file), and there the answer is unconditionally false. The
// result is not derived from the effective UID, so a false value here means
// "rootless mode is unavailable", not "the process is privileged".
func IsRootless() bool {
	const rootless = false
	return rootless
}
// BecomeRootInUserNS is the stub used on operating systems without rootless
// support. It performs no namespace or privilege change and always returns
// false, -1 and a non-nil error.
//
// Callers must check the error before acting on the other two results: the
// false/-1 pair is only a placeholder and carries no information about the
// process's privileges.
func BecomeRootInUserNS() (bool, int, error) {
	err := errors.New("this function is not supported on this os")
	return false, -1, err
}
// GetRootlessUID returns the UID of the user in the parent user namespace.
//
// On the non-Linux builds this file targets there is no such namespace, so
// the function always returns -1. Callers should treat -1 as "not available"
// and must not pass it on as a real UID (for example to ownership or
// permission checks).
func GetRootlessUID() int {
	const unavailable = -1
	return unavailable
}
// SetSkipStorageSetup tells the runtime not to set up containers/storage.
//
// On the non-Linux builds this file targets it is a no-op: the argument is
// discarded and no state is kept, so SkipStorageSetup keeps reporting false
// regardless of what is passed here.
func SetSkipStorageSetup(_ bool) {
	// Intentionally empty: rootless mode is not supported on this platform.
}
// SkipStorageSetup reports whether the containers/storage setup should be
// skipped.
//
// On the non-Linux builds this file targets the answer is always false, so
// the storage setup is never skipped.
func SkipStorageSetup() bool {
	const skip = false
	return skip
}