17
17
package container
18
18
19
19
import (
20
+ "bufio"
20
21
"context"
21
22
"fmt"
23
+ "io"
24
+ "os"
22
25
"os/user"
23
26
"strconv"
24
27
@@ -73,6 +76,47 @@ func withAdditionalUmask(umask uint32) oci.SpecOpts {
73
76
}
74
77
}
75
78
79
+ func parseMappingsProc () (uidmap , gidmap []specs.LinuxIDMapping , err error ) {
80
+ parseMappingProc := func (fn string ) ([]specs.LinuxIDMapping , error ) {
81
+ f , err := os .Open (fn )
82
+ if err != nil {
83
+ return nil , err
84
+ }
85
+ defer f .Close ()
86
+ mappings := []specs.LinuxIDMapping {}
87
+ for buf := bufio .NewReader (f ); ; {
88
+ line , _ , err := buf .ReadLine ()
89
+ if err != nil {
90
+ if err == io .EOF {
91
+ return mappings , nil
92
+ }
93
+ return nil , fmt .Errorf ("Failed to read line from %s: %w" , fn , err )
94
+ }
95
+ if line == nil {
96
+ return mappings , nil
97
+ }
98
+ var cID , hID , size uint32 = 0 , 0 , 0
99
+ if _ , err := fmt .Sscanf (string (line ), "%d %d %d" , & cID , & hID , & size ); err != nil {
100
+ return nil , fmt .Errorf ("Failed to parse %s: %w" , line , err )
101
+ }
102
+ mappings = append (mappings , specs.LinuxIDMapping {
103
+ ContainerID : cID ,
104
+ HostID : hID ,
105
+ Size : size ,
106
+ })
107
+ }
108
+ }
109
+ uidmap , err = parseMappingProc ("/proc/self/uid_map" )
110
+ if err != nil {
111
+ return nil , nil , err
112
+ }
113
+ gidmap , err = parseMappingProc ("/proc/self/gid_map" )
114
+ if err != nil {
115
+ return nil , nil , err
116
+ }
117
+ return uidmap , gidmap , nil
118
+ }
119
+
76
120
func generateUserNSOpts (userns string ) ([]oci.SpecOpts , error ) {
77
121
switch userns {
78
122
case "host" :
@@ -85,6 +129,17 @@ func generateUserNSOpts(userns string) ([]oci.SpecOpts, error) {
85
129
return b
86
130
}
87
131
132
+ if ! rootlessutil .IsRootless () {
133
+ uidmap , gidmap , err := parseMappingsProc ()
134
+ if err != nil {
135
+ return nil , err
136
+ }
137
+ return []oci.SpecOpts {
138
+ oci .WithUserNamespace (uidmap , gidmap ),
139
+ oci .WithUIDGID (0 , 0 ),
140
+ }, nil
141
+ }
142
+
88
143
uid := rootlessutil .ParentEUID ()
89
144
gid := rootlessutil .ParentEGID ()
90
145
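Review bot: In the `!rootlessutil.IsRootless()` branch of generateUserNSOpts the container's ID mappings are copied verbatim from `/proc/self/uid_map` and `/proc/self/gid_map`, and nothing in the hunk checks what they contain. When the calling process runs in the initial user namespace those files normally hold a single identity line covering the whole ID range, so container UID 0 would map to host UID 0 and the new user namespace adds no UID separation, while `oci.WithUIDGID(0, 0)` makes the process root inside it. If that is intended, a comment above the branch should say so, e.g. `// rootful: reuse our own ID mappings; container root is host root when we are in the initial userns`. The parser in parseMappingsProc should also reject an empty file, `if len(mappings) == 0 { return nil, fmt.Errorf("no ID mappings in %s", fn) }`, rather than hand an empty map to `oci.WithUserNamespace`. The `switch` that selects this path starts outside the hunk, so which `userns` value reaches it cannot be confirmed from here.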