Commit Graph

12 Commits

Author SHA1 Message Date
Tibor Vass c205e9fb64 libcontainer: fix compilation on GOARCH=arm GOARM=6 (32 bits)
This fixes the following compilation error on 32bit ARM:
```
$ GOARCH=arm GOARCH=6 go build ./libcontainer/system/
libcontainer/system/linux.go:119:89: constant 4294967295 overflows int
```

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-06-14 18:33:14 +00:00
Akihiro Suda 9c7d8bc1fd libcontainer: add parser for /etc/sub{u,g}id and /proc/PID/{u,g}id_map
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-05-10 12:16:43 +09:00
Vincent Batts bf74951617
libcontainer/user: platform dependent calls
This rearranges a bit of the user and group lookup, such that only a
basic subset is exposed.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2018-02-28 14:14:24 -05:00
Kenfe-Mickael Laventure 6056912217
Revert "Merge pull request #1450 from vrothberg/sgid-non-numeric"
This reverts commit 5c73abbe75, reversing
changes made to 51b501dab1.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-04 14:28:21 -07:00
Valentin Rothberg 77421139ab libcontainer/user: add supplementary groups only for non-numeric users
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
2017-05-16 13:54:27 +02:00
Wang Long dde4b1a885 user: fix the parameter error
The parameters passed to `GetExecUser` is not correct.
Consider the following code:

```
package main

import (
	"fmt"
	"io"
	"os"
)

func main() {
	passwd, err := os.Open("/etc/passwd1")
	if err != nil {
		passwd = nil
	} else {
		defer passwd.Close()
	}

	err = GetUserPasswd(passwd)
	if err != nil {
		fmt.Printf("%#v\n", err)
	}
}

func GetUserPasswd(r io.Reader) error {
	if r == nil {
		return fmt.Errorf("nil source for passwd-formatted
data")
	} else {
		fmt.Printf("r = %#v\n", r)
	}
	return nil
}
```

If the file `/etc/passwd1` is not exist, we expect to return
`nil source for passwd-formatted data` error, and in fact, the func
`GetUserPasswd` return nil.

The same logic exists in runc code. this patch fix it.

Signed-off-by: Wang Long <long.wanglong@huawei.com>
2017-01-19 10:02:47 +08:00
Lei Jitang 689a116d18 Cleanup: remove redundant code
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-01-09 01:56:14 -05:00
Aleksa Sarai 3cfff676b1 libcontainer: user: general cleanups
Some of the code was quite confusing inside libcontainer/user, so
refactor and comment it so future maintainers can understand what's
going and what edge cases we have to deal with.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-31 07:44:16 +11:00
Aleksa Sarai 69af385de6 libcontainer: user: always treat numeric ids numerically
Most shadow-related tools don't treat numeric ids as potential
usernames, so change our behaviour to match that. Previously, using an
explicit specification like 111:222 could result in the UID and GID not
being 111 and 222 respectively (which is confusing).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-31 07:33:31 +11:00
Sami Wagiaalla c25c38cc80 Allow numeric groups for containers without /etc/group
/etc/groups is not needed when specifying numeric group ids. This
change allows containers without /etc/groups to specify numeric
supplemental groups.

Signed-off-by: Sami Wagiaalla <swagiaal@redhat.com>
2015-10-04 19:02:35 -04:00
Aleksa Sarai 85f722dea0 libcontainer: user: fix GetAdditionalGroupsPath to match API
The old GetAdditionalGroups* API didn't match the rest of
libcontainer/user, we make functions that take io.Readers and then make
wrappers around them. Otherwise we have to do dodgy stuff when testing
our code.

Fixes: d4ece29c0b ("refactor GetAdditionalGroupsPath")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2015-06-28 11:23:01 +10:00
Michael Crosby 8f97d39dd2 Move libcontainer into subdirectory
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:15 -07:00