Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid #39764

Merged
merged 1 commit into from Nov 8, 2019
Merged

Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid #39764

merged 1 commit into from Nov 8, 2019

Conversation

yongtang
Copy link
Member

This fix tries to address the issue raised in #39353 where docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid.

The issue was that, mapping to /etc/sub[u,g]id in docker does not allow numeric ID.

This fix fixes the issue by probing other combinations (uid:groupname, username:gid, uid:gid) when normal username:groupname fails.

This fix fixes #39353.

Signed-off-by: Yong Tang yong.tang.github@outlook.com

@yongtang yongtang mentioned this pull request Aug 18, 2019
Closed
@thaJeztah
Copy link
Member

wondering if we should do all this magic, or just detect numeric IDs and produce an informative error that username should be used 🤔

@yongtang
Copy link
Member Author

@thaJeztah Not sure if we want to ask user to change /etc/subuid and /etc/subgid file (which might be used by some other systems outside of docker). But I can certainly update the PR to only change the error message if it is desired.

@thaJeztah thaJeztah added the kind/bugfix PR's that fix bugs label Oct 10, 2019
tonistiigi
tonistiigi approved these changes Oct 31, 2019
View reviewed changes
Copy link
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM

cc @AkihiroSuda

@tonistiigi tonistiigi assigned AkihiroSuda and unassigned runcom Oct 31, 2019
@andrewhsu
Copy link
Member

needs a rebase to get the new jenkinsfile to run today's PR checks. triggering of old jenkins job will not work anymore

@yongtang
Fix docker crash when creating namespaces with UID in /etc/subuid and…
f09dc2f 
… /etc/subgid

This fix tries to address the issue raised in 39353 where
docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid.

The issue was that, mapping to `/etc/sub[u,g]id` in docker does not
allow numeric ID.

This fix fixes the issue by probing other combinations (uid:groupname, username:gid, uid:gid)
when normal username:groupname fails.

This fix fixes 39353.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
@yongtang
Copy link
Member Author

yongtang commented Nov 7, 2019

Rebased and all tests passed. Thanks all 🎉 !

@thaJeztah thaJeztah merged commit 1a88e02 into moby:master Nov 8, 2019
@thaJeztah
Copy link
Member

Thanks!

@yongtang yongtang deleted the 39353-subgid-subuid branch November 8, 2019 01:56
@thaJeztah thaJeztah mentioned this pull request Mar 3, 2020
Merged
@thaJeztah thaJeztah added this to the 20.03.0 milestone Apr 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@thaJeztah thaJeztah Awaiting requested review from thaJeztah

@estesp estesp Awaiting requested review from estesp

Assignees

@AkihiroSuda AkihiroSuda

Labels
area/security/userns impact/changelog kind/bugfix PR's that fix bugs process/cherry-picked status/4-merge
Projects
None yet
Milestone
20.10.0
Development

Successfully merging this pull request may close these issues.

Docker crashes when creating namespaces with UID in /etc/subuid and /etc/subgid
7 participants
@yongtang @thaJeztah @andrewhsu @tonistiigi @AkihiroSuda @runcom @GordonTheTurtle