github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

oci: expose getUserFromPath and getGIDFromPath

Browse Source 
These functions are planned to be used for implementing `nerdctl exec --user`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda 2020-12-14 21:53:17 +09:00
parent 7b0149ac4a
commit 8a57d70a50
No known key found for this signature in database
GPG Key ID: 49524C6F9F638F1A
1 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
oci/spec_opts.go
View File

@ -536,7 +536,7 @@ func WithUser(userstr string) SpecOpts {
}
f := func(root string) error {
if username != "" {
user, err := getUserFromPath(root, func(u user.User) bool {
user, err := UserFromPath(root, func(u user.User) bool {
return u.Name == username
})
if err != nil {
@ -545,7 +545,7 @@ func WithUser(userstr string) SpecOpts {
uid = uint32(user.Uid)
}
if groupname != "" {
gid, err = getGIDFromPath(root, func(g user.Group) bool {
gid, err = GIDFromPath(root, func(g user.Group) bool {
return g.Name == groupname
})
if err != nil {
@ -600,11 +600,11 @@ func WithUserID(uid uint32) SpecOpts {
if !isRootfsAbs(s.Root.Path) {
return errors.Errorf("rootfs absolute path is required")
}
user, err := getUserFromPath(s.Root.Path, func(u user.User) bool {
user, err := UserFromPath(s.Root.Path, func(u user.User) bool {
return u.Uid == int(uid)
})
if err != nil {
if os.IsNotExist(err) || err == errNoUsersFound {
if os.IsNotExist(err) || err == ErrNoUsersFound {
s.Process.User.UID, s.Process.User.GID = uid, 0
return nil
}
@ -626,11 +626,11 @@ func WithUserID(uid uint32) SpecOpts {
return err
}
return mount.WithTempMount(ctx, mounts, func(root string) error {
user, err := getUserFromPath(root, func(u user.User) bool {
user, err := UserFromPath(root, func(u user.User) bool {
return u.Uid == int(uid)
})
if err != nil {
if os.IsNotExist(err) || err == errNoUsersFound {
if os.IsNotExist(err) || err == ErrNoUsersFound {
s.Process.User.UID, s.Process.User.GID = uid, 0
return nil
}
@ -654,7 +654,7 @@ func WithUsername(username string) SpecOpts {
if !isRootfsAbs(s.Root.Path) {
return errors.Errorf("rootfs absolute path is required")
}
user, err := getUserFromPath(s.Root.Path, func(u user.User) bool {
user, err := UserFromPath(s.Root.Path, func(u user.User) bool {
return u.Name == username
})
if err != nil {
@ -675,7 +675,7 @@ func WithUsername(username string) SpecOpts {
return err
}
return mount.WithTempMount(ctx, mounts, func(root string) error {
user, err := getUserFromPath(root, func(u user.User) bool {
user, err := UserFromPath(root, func(u user.User) bool {
return u.Name == username
})
if err != nil {
@ -707,11 +707,11 @@ func WithAdditionalGIDs(userstr string) SpecOpts {
var username string
uid, err := strconv.Atoi(userstr)
if err == nil {
user, err := getUserFromPath(root, func(u user.User) bool {
user, err := UserFromPath(root, func(u user.User) bool {
return u.Uid == uid
})
if err != nil {
if os.IsNotExist(err) || err == errNoUsersFound {
if os.IsNotExist(err) || err == ErrNoUsersFound {
return nil
}
return err
@ -869,9 +869,12 @@ func WithAmbientCapabilities(caps []string) SpecOpts {
}
}
var errNoUsersFound = errors.New("no users found")
// ErrNoUsersFound can be returned from UserFromPath
var ErrNoUsersFound = errors.New("no users found")
func getUserFromPath(root string, filter func(user.User) bool) (user.User, error) {
// UserFromPath inspects the user object using /etc/passwd in the specified rootfs.
// filter can be nil.
func UserFromPath(root string, filter func(user.User) bool) (user.User, error) {
ppath, err := fs.RootPath(root, "/etc/passwd")
if err != nil {
return user.User{}, err
@ -881,14 +884,17 @@ func getUserFromPath(root string, filter func(user.User) bool) (user.User, error
return user.User{}, err
}
if len(users) == 0 {
return user.User{}, errNoUsersFound
return user.User{}, ErrNoUsersFound
}
return users[0], nil
}
var errNoGroupsFound = errors.New("no groups found")
// ErrNoGroupsFound can be returned from GIDFromPath
var ErrNoGroupsFound = errors.New("no groups found")
func getGIDFromPath(root string, filter func(user.Group) bool) (gid uint32, err error) {
// GIDFromPath inspects the GID using /etc/passwd in the specified rootfs.
// filter can be nil.
func GIDFromPath(root string, filter func(user.Group) bool) (gid uint32, err error) {
gpath, err := fs.RootPath(root, "/etc/group")
if err != nil {
return 0, err
@ -898,7 +904,7 @@ func getGIDFromPath(root string, filter func(user.Group) bool) (gid uint32, err
return 0, err
}
if len(groups) == 0 {
return 0, errNoGroupsFound
return 0, ErrNoGroupsFound
}
g := groups[0]
return uint32(g.Gid), nil