rootless: don't create a namespace unless for containers-storage

This change fixes skopeo usage in restricted environment such as
bubblewrap where it doesn't need extra capabilities or user namespace
to perform its action.

Close #649
Depends-On: containers/image#631
Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>

cmd/skopeo/copy.go

@@ -50,7 +50,6 @@ func copyCmd(global *globalOptions) cli.Command {
 	`, strings.Join(transports.ListNames(), ", ")),
 		ArgsUsage: "SOURCE-IMAGE DESTINATION-IMAGE",
 		Action:    commandAction(opts.run),
-		Before:    needsRexec,
 		// FIXME: Do we need to namespace the GPG aspect?
 		Flags: append(append(append([]cli.Flag{
 			cli.StringSliceFlag{
@@ -87,6 +86,10 @@ func (opts *copyOptions) run(args []string, stdout io.Writer) error {
 		return errorShouldDisplayUsage{errors.New("Exactly two arguments expected")}
 	}
 
+	if err := needReexec(args); err != nil {
+		return err
+	}
+
 	policyContext, err := opts.global.getPolicyContext()
 	if err != nil {
 		return fmt.Errorf("Error loading trust policy: %v", err)

cmd/skopeo/delete.go

@@ -24,9 +24,8 @@ func deleteCmd(global *globalOptions) cli.Command {
 		image:  imageOpts,
 	}
 	return cli.Command{
-		Before: needsRexec,
-		Name:   "delete",
-		Usage:  "Delete image IMAGE-NAME",
+		Name:  "delete",
+		Usage: "Delete image IMAGE-NAME",
 		Description: fmt.Sprintf(`
 	Delete an "IMAGE_NAME" from a transport
 
@@ -46,6 +45,10 @@ func (opts *deleteOptions) run(args []string, stdout io.Writer) error {
 		return errors.New("Usage: delete imageReference")
 	}
 
+	if err := needReexec(args); err != nil {
+		return err
+	}
+
 	ref, err := alltransports.ParseImageName(args[0])
 	if err != nil {
 		return fmt.Errorf("Invalid source name %s: %v", args[0], err)

cmd/skopeo/inspect.go

@@ -68,7 +68,6 @@ func inspectCmd(global *globalOptions) cli.Command {
 				Destination: &opts.config,
 			},
 		}, sharedFlags...), imageFlags...),
-		Before: needsRexec,
 		Action: commandAction(opts.run),
 	}
 }
@@ -80,6 +79,11 @@ func (opts *inspectOptions) run(args []string, stdout io.Writer) (retErr error)
 	if len(args) != 1 {
 		return errors.New("Exactly one argument expected")
 	}
+
+	if err := needReexec(args); err != nil {
+		return err
+	}
+
 	img, err := parseImage(ctx, opts.image, args[0])
 	if err != nil {
 		return err

cmd/skopeo/layers.go

@@ -32,7 +32,6 @@ func layersCmd(global *globalOptions) cli.Command {
 		Name:      "layers",
 		Usage:     "Get layers of IMAGE-NAME",
 		ArgsUsage: "IMAGE-NAME [LAYER...]",
-		Before:    needsRexec,
 		Hidden:    true,
 		Action:    commandAction(opts.run),
 		Flags:     append(sharedFlags, imageFlags...),
@@ -45,6 +44,12 @@ func (opts *layersOptions) run(args []string, stdout io.Writer) (retErr error) {
 		return errors.New("Usage: layers imageReference [layer...]")
 	}
 
+	imageNames := make([]string, 1)
+	imageNames[0] = args[0]
+	if err := needReexec(imageNames); err != nil {
+		return err
+	}
+
 	ctx, cancel := opts.global.commandTimeoutContext()
 	defer cancel()
 

cmd/skopeo/unshare.go

@@ -5,3 +5,7 @@ package main
 func maybeReexec() error {
 	return nil
 }
+
+func needReexec(inputImageNames []string) error {
+	return nil
+}

cmd/skopeo/unshare_linux.go

@@ -2,6 +2,8 @@ package main
 
 import (
 	"github.com/containers/buildah/pkg/unshare"
+	"github.com/containers/image/storage"
+	"github.com/containers/image/transports"
 	"github.com/pkg/errors"
 	"github.com/syndtr/gocapability/capability"
 )
@@ -32,3 +34,13 @@ func maybeReexec() error {
 	}
 	return nil
 }
+
+func needReexec(imageNames []string) error {
+	// Check if container-storage are used before doing unshare
+	for _, imageName := range imageNames {
+		if transports.TransportFromImageName(imageName).Name() == storage.Transport.Name() {
+			return maybeReexec()
+		}
+	}
+	return nil
+}

cmd/skopeo/utils.go

@@ -16,10 +16,6 @@ type errorShouldDisplayUsage struct {
 	error
 }
 
-func needsRexec(c *cli.Context) error {
-	return maybeReexec()
-}
-
 // commandAction intermediates between the cli.ActionFunc interface and the real handler,
 // primarily to ensure that cli.Context is not available to the handler, which in turn
 // makes sure that the cli.String() etc. flag access functions are not used,

vendor.conf

@@ -2,7 +2,7 @@
 github.com/urfave/cli v1.20.0
 github.com/kr/pretty v0.1.0
 github.com/kr/text v0.1.0
-github.com/containers/image ff926d3c79684793a2135666a2cb738f44ba33dc
+github.com/containers/image d6424f9968a50d0effec269b0397180e78c44161
 github.com/containers/buildah 810efa340ab43753034e2ed08ec290e4abab7e72
 github.com/vbauerster/mpb v3.3.4
 github.com/mattn/go-isatty v0.0.4