parse uid/gid mappings from procfs when not rootless
Signed-off-by: Robert Günzler <[email protected]>
robertgzr committed Sep 17, 2023
1 parent a7c1adf commit 290811d
Showing 1 changed file with 55 additions and 0 deletions.
55 changes: 55 additions & 0 deletions pkg/cmd/container/run_user.go
Expand Up @@ -17,8 +17,11 @@
package container

import (
"bufio"
"context"
"fmt"
"io"
"os"
"os/user"
"strconv"

Expand Down Expand Up @@ -73,6 +76,47 @@ func withAdditionalUmask(umask uint32) oci.SpecOpts {
}
}

func parseMappingsProc() (uidmap, gidmap []specs.LinuxIDMapping, err error) {
parseMappingProc := func(fn string) ([]specs.LinuxIDMapping, error) {
f, err := os.Open(fn)
if err != nil {
return nil, err
}
defer f.Close()
mappings := []specs.LinuxIDMapping{}
for buf := bufio.NewReader(f); ; {
line, _, err := buf.ReadLine()
if err != nil {
if err == io.EOF {
return mappings, nil
}
return nil, fmt.Errorf("failed to read line from %s: %w", fn, err)
}
if line == nil {
return mappings, nil
}
var cID, hID, size uint32 = 0, 0, 0
if _, err := fmt.Sscanf(string(line), "%d %d %d", &cID, &hID, &size); err != nil {
return nil, fmt.Errorf("failed to parse %s: %w", line, err)
}
mappings = append(mappings, specs.LinuxIDMapping{
ContainerID: cID,
HostID: hID,
Size: size,
})
}
}
uidmap, err = parseMappingProc("/proc/self/uid_map")
if err != nil {
return nil, nil, err
}
gidmap, err = parseMappingProc("/proc/self/gid_map")
if err != nil {
return nil, nil, err
}
return uidmap, gidmap, nil
}

func generateUserNSOpts(userns string) ([]oci.SpecOpts, error) {
switch userns {
case "host":
Expand All @@ -85,6 +129,17 @@ func generateUserNSOpts(userns string) ([]oci.SpecOpts, error) {
return b
}

if !rootlessutil.IsRootless() {
uidmap, gidmap, err := parseMappingsProc()
if err != nil {
return nil, err
}
return []oci.SpecOpts{
oci.WithUserNamespace(uidmap, gidmap),
oci.WithUIDGID(0, 0),
}, nil
}

uid := rootlessutil.ParentEUID()
gid := rootlessutil.ParentEGID()

Check failure on line 144 in pkg/cmd/container/run_user.go


GitHub Actions / cross (1.20.x)

undefined: rootlessutil.ParentEGID

Check failure on line 144 in pkg/cmd/container/run_user.go


GitHub Actions / test-integration-windows

undefined: rootlessutil.ParentEGID

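Review bot: The `!rootlessutil.IsRootless()` branch of generateUserNSOpts hands the process's own /proc/self/uid_map and /proc/self/gid_map to `oci.WithUserNamespace` unchanged, so a rootful caller in the initial user namespace would give the container an identity mapping in which container UID 0 is still host UID 0. This follows from the procfs format (the kernel reports `0 0 4294967295` there), not from anything the hunk checks, and `oci.WithUIDGID(0, 0)` then runs the process as that mapped root. If this is intended, say so at the branch, e.g. `// rootful: reuse our own ID mappings; in the initial userns this is the identity map, so container root is host root`, and otherwise reject a mapping whose entry for ContainerID 0 has HostID 0. Separately, parseMappingProc discards the isPrefix result of `buf.ReadLine()`; a `bufio.Scanner` loop would avoid parsing a split line. The switch in generateUserNSOpts begins and ends outside the visible hunks, so which `userns` value reaches this branch cannot be confirmed here.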
