Merge pull request #1327 from giuseppe/fix-apply-layer-in-userns
chrootarchive: propagate env from parent
rhatdan authored Sep 9, 2022
2 parents c2533ec + 9ecda58 commit b321881
Showing 13 changed files with 20 additions and 99 deletions.
4 changes: 2 additions & 2 deletions drivers/aufs/aufs.go
Expand Up @@ -47,7 +47,7 @@ import (
mountpk "github.com/containers/storage/pkg/mount"
"github.com/containers/storage/pkg/parsers"
"github.com/containers/storage/pkg/system"
"github.com/opencontainers/runc/libcontainer/userns"
"github.com/containers/storage/pkg/unshare"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/sirupsen/logrus"
"github.com/vbatts/tar-split/tar/storage"
Expand Down Expand Up @@ -200,7 +200,7 @@ func supportsAufs() error {
// proc/filesystems for when aufs is supported
exec.Command("modprobe", "aufs").Run()

if userns.RunningInUserNS() {
if unshare.IsRootless() {
return ErrAufsNested
}

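Review bot: `unshare.IsRootless()` is not shown to be equivalent to the `userns.RunningInUserNS()` call it replaces in `supportsAufs`, and nothing in the commit documents the difference. The removed helper reads the kernel's uid mapping for the current process; if `IsRootless()` is instead derived from the process UID or environment (its body is not visible here), a process placed in a user namespace by some other runtime would no longer get `ErrAufsNested`, and an inherited environment could make a real-root process report rootless. The same substitution feeds `InUserNS` in drivers/fsdiff.go, drivers/overlay/overlay.go, pkg/archive/archive.go and pkg/chrootarchive, where it appears to decide how layer extraction treats device nodes and ownership. If the narrower meaning is intended, state it at one call site, e.g. `// IsRootless, not RunningInUserNS: only namespaces set up by containers/storage count here`, and add a test that runs inside an externally created user namespace.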
3 changes: 1 addition & 2 deletions drivers/copy/copy_linux.go
Expand Up @@ -27,7 +27,6 @@ import (
"github.com/containers/storage/pkg/pools"
"github.com/containers/storage/pkg/system"
"github.com/containers/storage/pkg/unshare"
"github.com/opencontainers/runc/libcontainer/userns"
"golang.org/x/sys/unix"
)

Expand Down Expand Up @@ -207,7 +206,7 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
s.Close()

case mode&os.ModeDevice != 0:
if userns.RunningInUserNS() {
if unshare.IsRootless() {
// cannot create a device if running in user namespace
return nil
}
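Review bot: The comment under the new `unshare.IsRootless()` guard in `DirCopy` still reads `// cannot create a device if running in user namespace`, which no longer describes the condition being tested. This branch returns nil, so the device entry is skipped without any error or log line, and a reader needs to know exactly when that happens; suggest `// rootless: device nodes cannot be created, so they are skipped rather than copied`. pkg/archive/archive_freebsd.go carries the same stale comment in `handleTarTypeBlockCharFifo`. `DirCopy` starts and ends outside this hunk.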
4 changes: 2 additions & 2 deletions drivers/fsdiff.go
Expand Up @@ -10,7 +10,7 @@ import (
"github.com/containers/storage/pkg/chrootarchive"
"github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/ioutils"
"github.com/opencontainers/runc/libcontainer/userns"
"github.com/containers/storage/pkg/unshare"
"github.com/sirupsen/logrus"
)

Expand Down Expand Up @@ -179,7 +179,7 @@ func (gdw *NaiveDiffDriver) ApplyDiff(id, parent string, options ApplyDiffOpts)
}

tarOptions := &archive.TarOptions{
InUserNS: userns.RunningInUserNS(),
InUserNS: unshare.IsRootless(),
IgnoreChownErrors: options.IgnoreChownErrors,
ForceMask: forceMask,
}
5 changes: 2 additions & 3 deletions drivers/overlay/overlay.go
Expand Up @@ -34,7 +34,6 @@ import (
units "github.com/docker/go-units"
"github.com/hashicorp/go-multierror"
digest "github.com/opencontainers/go-digest"
"github.com/opencontainers/runc/libcontainer/userns"
"github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/sirupsen/logrus"
Expand Down Expand Up @@ -1830,7 +1829,7 @@ func (d *Driver) ApplyDiffWithDiffer(id, parent string, options *graphdriver.App
GIDMaps: idMappings.GIDs(),
IgnoreChownErrors: d.options.ignoreChownErrors,
WhiteoutFormat: d.getWhiteoutFormat(),
InUserNS: userns.RunningInUserNS(),
InUserNS: unshare.IsRootless(),
})
out.Target = applyDir
return out, err
Expand Down Expand Up @@ -1888,7 +1887,7 @@ func (d *Driver) ApplyDiff(id, parent string, options graphdriver.ApplyDiffOpts)
IgnoreChownErrors: d.options.ignoreChownErrors,
ForceMask: d.options.forceMask,
WhiteoutFormat: d.getWhiteoutFormat(),
InUserNS: userns.RunningInUserNS(),
InUserNS: unshare.IsRootless(),
}); err != nil {
return 0, err
}
9 changes: 4 additions & 5 deletions pkg/archive/archive.go
Expand Up @@ -25,7 +25,6 @@ import (
"github.com/containers/storage/pkg/system"
"github.com/containers/storage/pkg/unshare"
gzip "github.com/klauspost/pgzip"
"github.com/opencontainers/runc/libcontainer/userns"
"github.com/sirupsen/logrus"
"github.com/ulikunitz/xz"
)
Expand Down Expand Up @@ -1159,7 +1158,7 @@ func (archiver *Archiver) TarUntar(src, dst string) error {
GIDMaps: tarMappings.GIDs(),
Compression: Uncompressed,
CopyPass: true,
InUserNS: userns.RunningInUserNS(),
InUserNS: unshare.IsRootless(),
}
archive, err := TarWithOptions(src, options)
if err != nil {
Expand All @@ -1174,7 +1173,7 @@ func (archiver *Archiver) TarUntar(src, dst string) error {
UIDMaps: untarMappings.UIDs(),
GIDMaps: untarMappings.GIDs(),
ChownOpts: archiver.ChownOpts,
InUserNS: userns.RunningInUserNS(),
InUserNS: unshare.IsRootless(),
}
return archiver.Untar(archive, dst, options)
}
Expand All @@ -1194,7 +1193,7 @@ func (archiver *Archiver) UntarPath(src, dst string) error {
UIDMaps: untarMappings.UIDs(),
GIDMaps: untarMappings.GIDs(),
ChownOpts: archiver.ChownOpts,
InUserNS: userns.RunningInUserNS(),
InUserNS: unshare.IsRootless(),
}
return archiver.Untar(archive, dst, options)
}
Expand Down Expand Up @@ -1294,7 +1293,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
UIDMaps: archiver.UntarIDMappings.UIDs(),
GIDMaps: archiver.UntarIDMappings.GIDs(),
ChownOpts: archiver.ChownOpts,
InUserNS: userns.RunningInUserNS(),
InUserNS: unshare.IsRootless(),
NoOverwriteDirNonDir: true,
}
err = archiver.Untar(r, filepath.Dir(dst), options)
5 changes: 3 additions & 2 deletions pkg/archive/archive_freebsd.go
@@ -1,3 +1,4 @@
//go:build freebsd
// +build freebsd

package archive
Expand All @@ -11,7 +12,7 @@ import (

"github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/system"
"github.com/opencontainers/runc/libcontainer/userns"
"github.com/containers/storage/pkg/unshare"
"golang.org/x/sys/unix"
)

Expand Down Expand Up @@ -87,7 +88,7 @@ func minor(device uint64) uint64 {
// handleTarTypeBlockCharFifo is an OS-specific helper function used by
// createTarFile to handle the following types of header: Block; Char; Fifo
func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
if userns.RunningInUserNS() {
if unshare.IsRootless() {
// cannot create a device if running in user namespace
return nil
}
4 changes: 2 additions & 2 deletions pkg/chrootarchive/archive.go
Expand Up @@ -11,7 +11,7 @@ import (

"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/idtools"
"github.com/opencontainers/runc/libcontainer/userns"
"github.com/containers/storage/pkg/unshare"
)

// NewArchiver returns a new Archiver which uses chrootarchive.Untar
Expand Down Expand Up @@ -66,7 +66,7 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
}
if options == nil {
options = &archive.TarOptions{}
options.InUserNS = userns.RunningInUserNS()
options.InUserNS = unshare.IsRootless()
}
if options.ExcludePatterns == nil {
options.ExcludePatterns = []string{}
8 changes: 4 additions & 4 deletions pkg/chrootarchive/diff_unix.go
Expand Up @@ -16,7 +16,7 @@ import (
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/reexec"
"github.com/containers/storage/pkg/system"
"github.com/opencontainers/runc/libcontainer/userns"
"github.com/containers/storage/pkg/unshare"
)

type applyLayerResponse struct {
Expand All @@ -36,7 +36,7 @@ func applyLayer() {
runtime.LockOSThread()
flag.Parse()

inUserns := userns.RunningInUserNS()
inUserns := unshare.IsRootless()
if err := chroot(flag.Arg(0)); err != nil {
fatal(err)
}
Expand Down Expand Up @@ -95,7 +95,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions
}
if options == nil {
options = &archive.TarOptions{}
if userns.RunningInUserNS() {
if unshare.IsRootless() {
options.InUserNS = true
}
}
Expand All @@ -110,7 +110,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions

cmd := reexec.Command("storage-applyLayer", dest)
cmd.Stdin = layer
cmd.Env = append(cmd.Env, fmt.Sprintf("OPT=%s", data))
cmd.Env = append(os.Environ(), fmt.Sprintf("OPT=%s", data))

outBuf, errBuf := new(bytes.Buffer), new(bytes.Buffer)
cmd.Stdout, cmd.Stderr = outBuf, errBuf
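Review bot: `cmd.Env = append(os.Environ(), ...)` in `applyLayerHandler` hands the entire parent environment to the re-exec'd `storage-applyLayer` helper, which chroots into the destination and, going by its name, applies layer content, while only the variables the rootless check depends on appear to be needed. Forwarding just those plus `OPT` would keep unrelated secrets and loader or runtime settings out of the child. If the full copy is intentional, say why in a comment such as `// child must see the parent's environment so unshare.IsRootless() gives the same answer; OPT is appended last so it overrides any inherited OPT`. The last-value-wins handling of duplicate keys comes from os/exec, so the append order matters and deserves a test with `OPT` already set in the parent. Both function bodies continue outside the hunks shown.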

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

1 change: 0 additions & 1 deletion vendor/modules.txt
Expand Up @@ -104,7 +104,6 @@ github.com/opencontainers/go-digest
# github.com/opencontainers/runc v1.1.4
## explicit
github.com/opencontainers/runc/libcontainer/user
github.com/opencontainers/runc/libcontainer/userns
# github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
## explicit
github.com/opencontainers/runtime-spec/specs-go
