1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Honor user passed on container in nsinit

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-02-24 13:52:56 -08:00
parent 01f9815b55
commit 1c79b747bb
2 changed files with 33 additions and 9 deletions

View file

@ -8,6 +8,7 @@ import (
"github.com/dotcloud/docker/pkg/libcontainer/capabilities" "github.com/dotcloud/docker/pkg/libcontainer/capabilities"
"github.com/dotcloud/docker/pkg/libcontainer/network" "github.com/dotcloud/docker/pkg/libcontainer/network"
"github.com/dotcloud/docker/pkg/system" "github.com/dotcloud/docker/pkg/system"
"github.com/dotcloud/docker/pkg/user"
"log" "log"
"os" "os"
"os/exec" "os/exec"
@ -110,15 +111,30 @@ func resolveRootfs(uncleanRootfs string) (string, error) {
} }
func setupUser(container *libcontainer.Container) error { func setupUser(container *libcontainer.Container) error {
// TODO: honor user passed on container if container.User != "" {
if err := system.Setgroups(nil); err != nil { uid, gid, suppGids, err := user.GetUserGroupSupplementary(container.User, syscall.Getuid(), syscall.Getgid())
return err if err != nil {
} return err
if err := system.Setresgid(0, 0, 0); err != nil { }
return err if err := system.Setgroups(suppGids); err != nil {
} return err
if err := system.Setresuid(0, 0, 0); err != nil { }
return err if err := system.Setgid(gid); err != nil {
return err
}
if err := system.Setuid(uid); err != nil {
return err
}
} else {
if err := system.Setgroups(nil); err != nil {
return err
}
if err := system.Setresgid(0, 0, 0); err != nil {
return err
}
if err := system.Setresuid(0, 0, 0); err != nil {
return err
}
} }
return nil return nil
} }

View file

@ -71,6 +71,14 @@ func Setresuid(ruid, euid, suid int) error {
return syscall.Setresuid(ruid, euid, suid) return syscall.Setresuid(ruid, euid, suid)
} }
func Setgid(gid int) error {
return syscall.Setgid(gid)
}
func Setuid(uid int) error {
return syscall.Setuid(uid)
}
func Sethostname(name string) error { func Sethostname(name string) error {
return syscall.Sethostname([]byte(name)) return syscall.Sethostname([]byte(name))
} }