mirror of
				https://github.com/containers/podman.git
				synced 2025-10-26 10:45:26 +08:00 
			
		
		
		
	 3350cd3eed
			
		
	
	3350cd3eed
	
	
	
		
			
			The code currently tried to avoid joining the userns from conmon directly and rather joined to only read the pid file and then send this back to use so we could join the userns. From the comment this was done because we could not read the pid file. However this is no longer true as of commit 49eb5af301 and file is no always owned by the real user. This means we can just remove this special logic and join the namespace directly there. A test has been added to check the rejoin logic with a custom uidmapping. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
		
			
				
	
	
		
			60 lines
		
	
	
		
			2.0 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			60 lines
		
	
	
		
			2.0 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| //go:build freebsd && cgo
 | |
| 
 | |
| package rootless
 | |
| 
 | |
| import (
 | |
| 	"errors"
 | |
| 
 | |
| 	"github.com/containers/storage/pkg/idtools"
 | |
| )
 | |
| 
 | |
| // extern int is_fd_inherited(int fd);
 | |
| import "C"
 | |
| 
 | |
| // IsRootless returns whether the user is rootless
 | |
| func IsRootless() bool {
 | |
| 	return false
 | |
| }
 | |
| 
 | |
| // BecomeRootInUserNS re-exec podman in a new userNS.  It returns whether podman was re-executed
 | |
| // into a new user namespace and the return code from the re-executed podman process.
 | |
| // If podman was re-executed the caller needs to propagate the error code returned by the child
 | |
| // process.  It is a convenience function for BecomeRootInUserNSWithOpts with a default configuration.
 | |
| func BecomeRootInUserNS(pausePid string) (bool, int, error) {
 | |
| 	return false, -1, errors.New("Rootless mode is not supported on FreeBSD - run podman as root")
 | |
| }
 | |
| 
 | |
| // GetRootlessUID returns the UID of the user in the parent userNS
 | |
| func GetRootlessUID() int {
 | |
| 	return -1
 | |
| }
 | |
| 
 | |
| // GetRootlessGID returns the GID of the user in the parent userNS
 | |
| func GetRootlessGID() int {
 | |
| 	return -1
 | |
| }
 | |
| 
 | |
| // TryJoinFromFilePaths attempts to join the namespaces of the pid files in paths.
 | |
| // This is useful when there are already running containers and we
 | |
| // don't have a pause process yet.  We can use the paths to the conmon
 | |
| // processes to attempt joining their namespaces.
 | |
| func TryJoinFromFilePaths(pausePidPath string, paths []string) (bool, int, error) {
 | |
| 	return false, -1, errors.New("this function is not supported on this os")
 | |
| }
 | |
| 
 | |
| // ConfigurationMatches checks whether the additional uids/gids configured for the user
 | |
| // match the current user namespace.
 | |
| func ConfigurationMatches() (bool, error) {
 | |
| 	return true, nil
 | |
| }
 | |
| 
 | |
| // GetConfiguredMappings returns the additional IDs configured for the current user.
 | |
| func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error) {
 | |
| 	return nil, nil, errors.New("this function is not supported on this os")
 | |
| }
 | |
| 
 | |
| // IsFdInherited checks whether the fd is opened and valid to use
 | |
| func IsFdInherited(fd int) bool {
 | |
| 	return int(C.is_fd_inherited(C.int(fd))) > 0
 | |
| }
 |