Merge pull request #8693 from giuseppe/drop-valid-id-in-userns-check

podman: drop checking valid rootless UID
containers · Dec 14, 2020 · 803c078 · 803c078
2 parents e5741b9 + f711f5a
commit 803c078
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 38 deletions.
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
@@ -3,7 +3,6 @@ package containers
 import (
 	"fmt"
 	"os"
-	"strconv"
 	"strings"
 
 	"github.com/containers/common/pkg/completion"
@@ -15,7 +14,6 @@ import (
 	"github.com/containers/podman/v2/pkg/errorhandling"
 	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/containers/podman/v2/pkg/specgen"
-	"github.com/containers/podman/v2/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -108,15 +106,6 @@ func run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	if rootless.IsRootless() && !registry.IsRemote() {
-		userspec := strings.SplitN(cliVals.User, ":", 2)[0]
-		if uid, err := strconv.ParseInt(userspec, 10, 32); err == nil {
-			if err := util.CheckRootlessUIDRange(int(uid)); err != nil {
-				return err
-			}
-		}
-	}
-
 	if af := cliVals.Authfile; len(af) > 0 {
 		if _, err := os.Stat(af); err != nil {
 			return err

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
@@ -424,11 +424,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 	}
 
 	if c.config.User != "" {
-		if rootless.IsRootless() {
-			if err := util.CheckRootlessUIDRange(execUser.Uid); err != nil {
-				return nil, err
-			}
-		}
 		// User and Group must go together
 		g.SetProcessUID(uint32(execUser.Uid))
 		g.SetProcessGID(uint32(execUser.Gid))

diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
@@ -6,7 +6,6 @@ import (
 	"path/filepath"
 	"syscall"
 
-	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/containers/psgo"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -53,19 +52,3 @@ func FindDeviceNodes() (map[string]string, error) {
 
 	return nodes, nil
 }
-
-// CheckRootlessUIDRange checks the uid within the rootless container is in the range from /etc/subuid
-func CheckRootlessUIDRange(uid int) error {
-	uids, _, err := rootless.GetConfiguredMappings()
-	if err != nil {
-		return err
-	}
-	total := 0
-	for _, u := range uids {
-		total += u.Size
-	}
-	if uid > total {
-		return errors.Errorf("requested user's UID %d is too large for the rootless user namespace", uid)
-	}
-	return nil
-}
diff --git a/pkg/util/utils_unsupported.go b/pkg/util/utils_unsupported.go
@@ -10,8 +10,3 @@ import (
 func FindDeviceNodes() (map[string]string, error) {
 	return nil, errors.Errorf("not supported on non-Linux OSes")
 }
-
-// CheckRootlessUIDRange is not implemented anywhere except Linux.
-func CheckRootlessUIDRange(uid int) error {
-	return nil
-}