2016-04-22 08:06:35 +08:00
|
|
|
// +build linux
|
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2016-04-26 06:21:07 +08:00
|
|
|
"encoding/json"
|
2020-05-17 08:20:44 +08:00
|
|
|
"errors"
|
2016-04-22 08:06:35 +08:00
|
|
|
"fmt"
|
2016-04-26 06:21:07 +08:00
|
|
|
"os"
|
2016-04-22 08:06:35 +08:00
|
|
|
"os/exec"
|
2016-10-10 09:22:16 +08:00
|
|
|
"strconv"
|
2016-04-22 08:06:35 +08:00
|
|
|
"strings"
|
|
|
|
|
Disable rootless mode except RootlessCgMgr when executed as the root in userns
This PR decomposes `libcontainer/configs.Config.Rootless bool` into `RootlessEUID bool` and
`RootlessCgroups bool`, so as to make "runc-in-userns" to be more compatible with "rootful" runc.
`RootlessEUID` denotes that runc is being executed as a non-root user (euid != 0) in
the current user namespace. `RootlessEUID` is almost identical to the former `Rootless`
except cgroups stuff.
`RootlessCgroups` denotes that runc is unlikely to have the full access to cgroups.
`RootlessCgroups` is set to false if runc is executed as the root (euid == 0) in the initial namespace.
Otherwise `RootlessCgroups` is set to true.
(Hint: if `RootlessEUID` is true, `RootlessCgroups` becomes true as well)
When runc is executed as the root (euid == 0) in an user namespace (e.g. by Docker-in-LXD, Podman, Usernetes),
`RootlessEUID` is set to false but `RootlessCgroups` is set to true.
So, "runc-in-userns" behaves almost same as "rootful" runc except that cgroups errors are ignored.
This PR does not have any impact on CLI flags and `state.json`.
Note about CLI:
* Now `runc --rootless=(auto|true|false)` CLI flag is only used for setting `RootlessCgroups`.
* Now `runc spec --rootless` is only required when `RootlessEUID` is set to true.
For runc-in-userns, `runc spec` without `--rootless` should work, when sufficient numbers of
UID/GID are mapped.
Note about `$XDG_RUNTIME_DIR` (e.g. `/run/user/1000`):
* `$XDG_RUNTIME_DIR` is ignored if runc is being executed as the root (euid == 0) in the initial namespace, for backward compatibility.
(`/run/runc` is used)
* If runc is executed as the root (euid == 0) in an user namespace, `$XDG_RUNTIME_DIR` is honored if `$USER != "" && $USER != "root"`.
This allows unprivileged users to allow execute runc as the root in userns, without mounting writable `/run/runc`.
Note about `state.json`:
* `rootless` is set to true when `RootlessEUID == true && RootlessCgroups == true`.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-07-05 14:28:21 +08:00
|
|
|
"github.com/sirupsen/logrus"
|
2016-06-07 02:45:46 +08:00
|
|
|
"github.com/urfave/cli"
|
2016-04-22 08:06:35 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
var psCommand = cli.Command{
|
|
|
|
Name: "ps",
|
|
|
|
Usage: "ps displays the processes running inside a container",
|
2016-09-24 12:20:52 +08:00
|
|
|
ArgsUsage: `<container-id> [ps options]`,
|
2016-04-26 06:21:07 +08:00
|
|
|
Flags: []cli.Flag{
|
|
|
|
cli.StringFlag{
|
|
|
|
Name: "format, f",
|
2017-02-18 23:04:47 +08:00
|
|
|
Value: "table",
|
2016-05-24 18:52:29 +08:00
|
|
|
Usage: `select one of: ` + formatOptions,
|
2016-04-26 06:21:07 +08:00
|
|
|
},
|
|
|
|
},
|
2016-05-10 13:58:09 +08:00
|
|
|
Action: func(context *cli.Context) error {
|
2016-10-28 23:43:10 +08:00
|
|
|
if err := checkArgs(context, 1, minArgs); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
Disable rootless mode except RootlessCgMgr when executed as the root in userns
This PR decomposes `libcontainer/configs.Config.Rootless bool` into `RootlessEUID bool` and
`RootlessCgroups bool`, so as to make "runc-in-userns" to be more compatible with "rootful" runc.
`RootlessEUID` denotes that runc is being executed as a non-root user (euid != 0) in
the current user namespace. `RootlessEUID` is almost identical to the former `Rootless`
except cgroups stuff.
`RootlessCgroups` denotes that runc is unlikely to have the full access to cgroups.
`RootlessCgroups` is set to false if runc is executed as the root (euid == 0) in the initial namespace.
Otherwise `RootlessCgroups` is set to true.
(Hint: if `RootlessEUID` is true, `RootlessCgroups` becomes true as well)
When runc is executed as the root (euid == 0) in an user namespace (e.g. by Docker-in-LXD, Podman, Usernetes),
`RootlessEUID` is set to false but `RootlessCgroups` is set to true.
So, "runc-in-userns" behaves almost same as "rootful" runc except that cgroups errors are ignored.
This PR does not have any impact on CLI flags and `state.json`.
Note about CLI:
* Now `runc --rootless=(auto|true|false)` CLI flag is only used for setting `RootlessCgroups`.
* Now `runc spec --rootless` is only required when `RootlessEUID` is set to true.
For runc-in-userns, `runc spec` without `--rootless` should work, when sufficient numbers of
UID/GID are mapped.
Note about `$XDG_RUNTIME_DIR` (e.g. `/run/user/1000`):
* `$XDG_RUNTIME_DIR` is ignored if runc is being executed as the root (euid == 0) in the initial namespace, for backward compatibility.
(`/run/runc` is used)
* If runc is executed as the root (euid == 0) in an user namespace, `$XDG_RUNTIME_DIR` is honored if `$USER != "" && $USER != "root"`.
This allows unprivileged users to allow execute runc as the root in userns, without mounting writable `/run/runc`.
Note about `state.json`:
* `rootless` is set to true when `RootlessEUID == true && RootlessCgroups == true`.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-07-05 14:28:21 +08:00
|
|
|
rootlessCg, err := shouldUseRootlessCgroupManager(context)
|
2018-01-13 15:39:28 +08:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
Disable rootless mode except RootlessCgMgr when executed as the root in userns
This PR decomposes `libcontainer/configs.Config.Rootless bool` into `RootlessEUID bool` and
`RootlessCgroups bool`, so as to make "runc-in-userns" to be more compatible with "rootful" runc.
`RootlessEUID` denotes that runc is being executed as a non-root user (euid != 0) in
the current user namespace. `RootlessEUID` is almost identical to the former `Rootless`
except cgroups stuff.
`RootlessCgroups` denotes that runc is unlikely to have the full access to cgroups.
`RootlessCgroups` is set to false if runc is executed as the root (euid == 0) in the initial namespace.
Otherwise `RootlessCgroups` is set to true.
(Hint: if `RootlessEUID` is true, `RootlessCgroups` becomes true as well)
When runc is executed as the root (euid == 0) in an user namespace (e.g. by Docker-in-LXD, Podman, Usernetes),
`RootlessEUID` is set to false but `RootlessCgroups` is set to true.
So, "runc-in-userns" behaves almost same as "rootful" runc except that cgroups errors are ignored.
This PR does not have any impact on CLI flags and `state.json`.
Note about CLI:
* Now `runc --rootless=(auto|true|false)` CLI flag is only used for setting `RootlessCgroups`.
* Now `runc spec --rootless` is only required when `RootlessEUID` is set to true.
For runc-in-userns, `runc spec` without `--rootless` should work, when sufficient numbers of
UID/GID are mapped.
Note about `$XDG_RUNTIME_DIR` (e.g. `/run/user/1000`):
* `$XDG_RUNTIME_DIR` is ignored if runc is being executed as the root (euid == 0) in the initial namespace, for backward compatibility.
(`/run/runc` is used)
* If runc is executed as the root (euid == 0) in an user namespace, `$XDG_RUNTIME_DIR` is honored if `$USER != "" && $USER != "root"`.
This allows unprivileged users to allow execute runc as the root in userns, without mounting writable `/run/runc`.
Note about `state.json`:
* `rootless` is set to true when `RootlessEUID == true && RootlessCgroups == true`.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-07-05 14:28:21 +08:00
|
|
|
if rootlessCg {
|
|
|
|
logrus.Warn("runc ps may fail if you don't have the full access to cgroups")
|
2016-04-23 21:39:42 +08:00
|
|
|
}
|
|
|
|
|
2016-04-22 08:06:35 +08:00
|
|
|
container, err := getContainer(context)
|
|
|
|
if err != nil {
|
2016-05-10 13:58:09 +08:00
|
|
|
return err
|
2016-04-22 08:06:35 +08:00
|
|
|
}
|
|
|
|
|
2016-06-06 02:17:44 +08:00
|
|
|
pids, err := container.Processes()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2017-02-18 23:04:47 +08:00
|
|
|
switch context.String("format") {
|
|
|
|
case "table":
|
|
|
|
case "json":
|
2017-01-07 07:57:31 +08:00
|
|
|
return json.NewEncoder(os.Stdout).Encode(pids)
|
2017-02-18 23:04:47 +08:00
|
|
|
default:
|
2020-05-17 08:20:44 +08:00
|
|
|
return errors.New("invalid format option")
|
2016-04-26 06:21:07 +08:00
|
|
|
}
|
|
|
|
|
2016-07-07 18:36:26 +08:00
|
|
|
// [1:] is to remove command name, ex:
|
|
|
|
// context.Args(): [containet_id ps_arg1 ps_arg2 ...]
|
|
|
|
// psArgs: [ps_arg1 ps_arg2 ...]
|
|
|
|
//
|
|
|
|
psArgs := context.Args()[1:]
|
|
|
|
if len(psArgs) == 0 {
|
2016-10-10 09:22:16 +08:00
|
|
|
psArgs = []string{"-ef"}
|
2016-04-22 08:06:35 +08:00
|
|
|
}
|
|
|
|
|
2016-09-29 12:26:07 +08:00
|
|
|
cmd := exec.Command("ps", psArgs...)
|
|
|
|
output, err := cmd.CombinedOutput()
|
2016-04-22 08:06:35 +08:00
|
|
|
if err != nil {
|
2016-09-29 12:26:07 +08:00
|
|
|
return fmt.Errorf("%s: %s", err, output)
|
2016-04-22 08:06:35 +08:00
|
|
|
}
|
|
|
|
|
2016-10-10 09:22:16 +08:00
|
|
|
lines := strings.Split(string(output), "\n")
|
|
|
|
pidIndex, err := getPidIndex(lines[0])
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
fmt.Println(lines[0])
|
|
|
|
for _, line := range lines[1:] {
|
|
|
|
if len(line) == 0 {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
fields := strings.Fields(line)
|
|
|
|
p, err := strconv.Atoi(fields[pidIndex])
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("unexpected pid '%s': %s", fields[pidIndex], err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, pid := range pids {
|
|
|
|
if pid == p {
|
|
|
|
fmt.Println(line)
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-05-10 13:58:09 +08:00
|
|
|
return nil
|
2016-04-22 08:06:35 +08:00
|
|
|
},
|
2016-09-18 09:34:06 +08:00
|
|
|
SkipArgReorder: true,
|
2016-04-22 08:06:35 +08:00
|
|
|
}
|
2016-10-10 09:22:16 +08:00
|
|
|
|
|
|
|
func getPidIndex(title string) (int, error) {
|
|
|
|
titles := strings.Fields(title)
|
|
|
|
|
|
|
|
pidIndex := -1
|
|
|
|
for i, name := range titles {
|
|
|
|
if name == "PID" {
|
|
|
|
return i, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-05-17 08:20:44 +08:00
|
|
|
return pidIndex, errors.New("couldn't find PID field in ps output")
|
2016-10-10 09:22:16 +08:00
|
|
|
}
|