github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

oci: expose getUserFromPath and getGIDFromPath

Browse Source 
These functions are planned to be used for implementing `nerdctl exec --user`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda 2020-12-14 21:53:17 +09:00
parent 7b0149ac4a
commit 8a57d70a50
No known key found for this signature in database
GPG Key ID: 49524C6F9F638F1A
1 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
oci/spec_opts.go
View File

@ -536,7 +536,7 @@ func WithUser(userstr string) SpecOpts {
} }
f := func(root string) error { f := func(root string) error {
if username != "" { if username != "" {
user, err := getUserFromPath(root, func(u user.User) bool { user, err := UserFromPath(root, func(u user.User) bool {
return u.Name == username return u.Name == username
}) })
if err != nil { if err != nil {
@ -545,7 +545,7 @@ func WithUser(userstr string) SpecOpts {
uid = uint32(user.Uid) uid = uint32(user.Uid)
} }
if groupname != "" { if groupname != "" {
gid, err = getGIDFromPath(root, func(g user.Group) bool { gid, err = GIDFromPath(root, func(g user.Group) bool {
return g.Name == groupname return g.Name == groupname
}) })
if err != nil { if err != nil {
@ -600,11 +600,11 @@ func WithUserID(uid uint32) SpecOpts {
if !isRootfsAbs(s.Root.Path) { if !isRootfsAbs(s.Root.Path) {
return errors.Errorf("rootfs absolute path is required") return errors.Errorf("rootfs absolute path is required")
} }
user, err := getUserFromPath(s.Root.Path, func(u user.User) bool { user, err := UserFromPath(s.Root.Path, func(u user.User) bool {
return u.Uid == int(uid) return u.Uid == int(uid)
}) })
if err != nil { if err != nil {
if os.IsNotExist(err) || err == errNoUsersFound { if os.IsNotExist(err) || err == ErrNoUsersFound {
s.Process.User.UID, s.Process.User.GID = uid, 0 s.Process.User.UID, s.Process.User.GID = uid, 0
return nil return nil
} }
@ -626,11 +626,11 @@ func WithUserID(uid uint32) SpecOpts {
return err return err
} }
return mount.WithTempMount(ctx, mounts, func(root string) error { return mount.WithTempMount(ctx, mounts, func(root string) error {
user, err := getUserFromPath(root, func(u user.User) bool { user, err := UserFromPath(root, func(u user.User) bool {
return u.Uid == int(uid) return u.Uid == int(uid)
}) })
if err != nil { if err != nil {
if os.IsNotExist(err) || err == errNoUsersFound { if os.IsNotExist(err) || err == ErrNoUsersFound {
s.Process.User.UID, s.Process.User.GID = uid, 0 s.Process.User.UID, s.Process.User.GID = uid, 0
return nil return nil
} }
@ -654,7 +654,7 @@ func WithUsername(username string) SpecOpts {
if !isRootfsAbs(s.Root.Path) { if !isRootfsAbs(s.Root.Path) {
return errors.Errorf("rootfs absolute path is required") return errors.Errorf("rootfs absolute path is required")
} }
user, err := getUserFromPath(s.Root.Path, func(u user.User) bool { user, err := UserFromPath(s.Root.Path, func(u user.User) bool {
return u.Name == username return u.Name == username
}) })
if err != nil { if err != nil {
@ -675,7 +675,7 @@ func WithUsername(username string) SpecOpts {
return err return err
} }
return mount.WithTempMount(ctx, mounts, func(root string) error { return mount.WithTempMount(ctx, mounts, func(root string) error {
user, err := getUserFromPath(root, func(u user.User) bool { user, err := UserFromPath(root, func(u user.User) bool {
return u.Name == username return u.Name == username
}) })
if err != nil { if err != nil {
@ -707,11 +707,11 @@ func WithAdditionalGIDs(userstr string) SpecOpts {
var username string var username string
uid, err := strconv.Atoi(userstr) uid, err := strconv.Atoi(userstr)
if err == nil { if err == nil {
user, err := getUserFromPath(root, func(u user.User) bool { user, err := UserFromPath(root, func(u user.User) bool {
return u.Uid == uid return u.Uid == uid
}) })
if err != nil { if err != nil {
if os.IsNotExist(err) || err == errNoUsersFound { if os.IsNotExist(err) || err == ErrNoUsersFound {
return nil return nil
} }
return err return err
@ -869,9 +869,12 @@ func WithAmbientCapabilities(caps []string) SpecOpts {
} }
} }
var errNoUsersFound = errors.New("no users found") // ErrNoUsersFound can be returned from UserFromPath
var ErrNoUsersFound = errors.New("no users found")
func getUserFromPath(root string, filter func(user.User) bool) (user.User, error) { // UserFromPath inspects the user object using /etc/passwd in the specified rootfs.
// filter can be nil.
func UserFromPath(root string, filter func(user.User) bool) (user.User, error) {
ppath, err := fs.RootPath(root, "/etc/passwd") ppath, err := fs.RootPath(root, "/etc/passwd")
if err != nil { if err != nil {
return user.User{}, err return user.User{}, err
@ -881,14 +884,17 @@ func getUserFromPath(root string, filter func(user.User) bool) (user.User, error
return user.User{}, err return user.User{}, err
} }
if len(users) == 0 { if len(users) == 0 {
return user.User{}, errNoUsersFound return user.User{}, ErrNoUsersFound
} }
return users[0], nil return users[0], nil
} }
var errNoGroupsFound = errors.New("no groups found") // ErrNoGroupsFound can be returned from GIDFromPath
var ErrNoGroupsFound = errors.New("no groups found")
func getGIDFromPath(root string, filter func(user.Group) bool) (gid uint32, err error) { // GIDFromPath inspects the GID using /etc/passwd in the specified rootfs.
// filter can be nil.
func GIDFromPath(root string, filter func(user.Group) bool) (gid uint32, err error) {
gpath, err := fs.RootPath(root, "/etc/group") gpath, err := fs.RootPath(root, "/etc/group")
if err != nil { if err != nil {
return 0, err return 0, err
@ -898,7 +904,7 @@ func getGIDFromPath(root string, filter func(user.Group) bool) (gid uint32, err
return 0, err return 0, err
} }
if len(groups) == 0 { if len(groups) == 0 {
return 0, errNoGroupsFound return 0, ErrNoGroupsFound
} }
g := groups[0] g := groups[0]
return uint32(g.Gid), nil return uint32(g.Gid), nil