mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

daemon: improve handling of ROOTLESSKIT_PARENT_EUID

- daemon.WithRootless():  make sure ROOTLESSKIT_PARENT_EUID is valid int
- daemon.RawSysInfo(): minor simplification, and rename variable that
  clashed with imported package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 2021-06-05 21:09:59 +02:00
parent 8dbd90ec00
commit aa4dce742f
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
2 changed files with 9 additions and 7 deletions


@ -1712,15 +1712,13 @@ func (daemon *Daemon) setupSeccompProfile() error {
// RawSysInfo returns *sysinfo.SysInfo . // RawSysInfo returns *sysinfo.SysInfo .
func (daemon *Daemon) RawSysInfo(quiet bool) *sysinfo.SysInfo { func (daemon *Daemon) RawSysInfo(quiet bool) *sysinfo.SysInfo {
var opts []sysinfo.Opt var siOpts []sysinfo.Opt
if daemon.getCgroupDriver() == cgroupSystemdDriver { if daemon.getCgroupDriver() == cgroupSystemdDriver {
rootlesskitParentEUID := os.Getenv("ROOTLESSKIT_PARENT_EUID") if euid := os.Getenv("ROOTLESSKIT_PARENT_EUID"); euid != "" {
if rootlesskitParentEUID != "" { siOpts = append(siOpts, sysinfo.WithCgroup2GroupPath("/user.slice/user-"+euid+".slice"))
groupPath := fmt.Sprintf("/user.slice/user-%s.slice", rootlesskitParentEUID)
opts = append(opts, sysinfo.WithCgroup2GroupPath(groupPath))
} }
} }
return sysinfo.New(quiet, opts...) return sysinfo.New(quiet, siOpts...)
} }
func recursiveUnmount(target string) error { func recursiveUnmount(target string) error {
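Review bot: In RawSysInfo the new `euid` value is concatenated into the cgroup2 group path straight from the environment, although this same commit makes WithRootless reject a non-numeric ROOTLESSKIT_PARENT_EUID. A value containing `/` or `..` would change which cgroup path sysinfo inspects, so this call site should apply the same check, for example by wrapping the append in `if _, err := strconv.Atoi(euid); err == nil {`. RawSysInfo has no error return, so an invalid value would presumably have to be logged and skipped rather than returned. A short comment such as `// ROOTLESSKIT_PARENT_EUID is set by RootlessKit and must be a numeric UID` would record that expectation.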


@ -97,7 +97,11 @@ func WithRootless(daemon *Daemon) coci.SpecOpts {
if rootlesskitParentEUID == "" { if rootlesskitParentEUID == "" {
return errors.New("$ROOTLESSKIT_PARENT_EUID is not set (requires RootlessKit v0.8.0)") return errors.New("$ROOTLESSKIT_PARENT_EUID is not set (requires RootlessKit v0.8.0)")
} }
controllersPath := fmt.Sprintf("/sys/fs/cgroup/user.slice/user-%s.slice/cgroup.controllers", rootlesskitParentEUID) euid, err := strconv.Atoi(rootlesskitParentEUID)
if err != nil {
return errors.Wrap(err, "invalid $ROOTLESSKIT_PARENT_EUID: must be a numeric value")
}
controllersPath := fmt.Sprintf("/sys/fs/cgroup/user.slice/user-%d.slice/cgroup.controllers", euid)
controllersFile, err := ioutil.ReadFile(controllersPath) controllersFile, err := ioutil.ReadFile(controllersPath)
if err != nil { if err != nil {
return err return err
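Review bot: `strconv.Atoi` accepts a leading sign, so `-1` or `+1000` passes the new check in WithRootless and is formatted into `controllersPath` (the former as `user--1.slice`). An effective UID is unsigned, so `euid, err := strconv.ParseUint(rootlesskitParentEUID, 10, 32)` would reject signed input while keeping the `%d` format unchanged. The body of WithRootless starts and ends outside this hunk, so whether the raw string is used again further down is not visible here.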