Remove "root" and "" special cases in libcontainer

These are unnecessary since the user package handles these cases properly already (as evidenced by the LXC backend not having these special cases). I also updated the errors returned to match the other libcontainer error messages in this same file. Also, switching from Setresuid to Setuid directly isn't a problem, because the "setuid" system call will automatically do that if our own effective UID is root currently: (from `man 2 setuid`) setuid() sets the effective user ID of the calling process. If the effective UID of the caller is root, the real UID and saved set-user- ID are also set. Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2022-11-09 12:21:53 -05:00 · 2014-04-28 16:46:03 -06:00 · 2014-04-28 16:46:03 -06:00 · d98069030d
commit d98069030d
parent af72ca199d
1 changed files with 12 additions and 25 deletions
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@ -83,31 +83,18 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 }

 func setupUser(container *libcontainer.Container) error {
-	switch container.User {
-	case "root", "":
-		if err := system.Setgroups(nil); err != nil {
-			return err
-		}
-		if err := system.Setresgid(0, 0, 0); err != nil {
-			return err
-		}
-		if err := system.Setresuid(0, 0, 0); err != nil {
-			return err
-		}
-	default:
 	uid, gid, suppGids, err := user.GetUserGroupSupplementary(container.User, syscall.Getuid(), syscall.Getgid())
 	if err != nil {
-			return err
+		return fmt.Errorf("GetUserGroupSupplementary %s", err)
 	}
 	if err := system.Setgroups(suppGids); err != nil {
-			return err
+		return fmt.Errorf("setgroups %s", err)
 	}
 	if err := system.Setgid(gid); err != nil {
-			return err
+		return fmt.Errorf("setgid %s", err)
 	}
 	if err := system.Setuid(uid); err != nil {
-			return err
-		}
+		return fmt.Errorf("setuid %s", err)
 	}
 	return nil
 }