rootless: fix user lookup if USER= is not set #1217
Conversation
pkg/rootless/rootless_linux.go
Outdated
| @@ -7,6 +7,7 @@ import ( | |||
| "io/ioutil" | |||
| "os" | |||
| "os/exec" | |||
| "os/user" | |||
pkg/rootless/rootless_linux.go
Outdated
| @@ -97,6 +98,13 @@ func BecomeRootInUserNS() (bool, int, error) { | |||
|
|
|||
| var uids, gids []idtools.IDMap | |||
| username := os.Getenv("USER") | |||
| if username == "" { | |||
| user, err := user.LookupId(fmt.Sprintf("%d", os.Geteuid())) | |||
There was a problem hiding this comment.
Does this work with usernames not in /etc/passwd?
There was a problem hiding this comment.
no, it works only with users defined in /etc/passwd.
I've changed the error message with a pointer to the USER env variable
There was a problem hiding this comment.
Do any go interfaces work with nsswitch?
There was a problem hiding this comment.
from a quick search I didn't find anything, I'll look further if there is something available
There was a problem hiding this comment.
@giuseppe @rhatdan You could use github.com/opencontainers/runc/libcontainer/user as we do in psgo (https://github.com/containers/psgo/blob/master/internal/process/process.go#L55).
There was a problem hiding this comment.
@vrothberg looking at the code, it seems it also just parses /etc/passwd
There was a problem hiding this comment.
RIght I think the libcontainer/user code is just for parsing the username inside of the container.
We need code to call into the gcc getpw library so that it will work with ldap and other providers of identity like freeipa.
giuseppe
force-pushed
the
rootless-fix-lookup-when-USER-is-not-defined
branch
2 times, most recently
from
6276761 to
309047a
Compare
pkg/rootless/rootless_linux.go
Outdated
| @@ -8,6 +8,7 @@ import ( | |||
| "os" | |||
| "os/exec" | |||
| gosignal "os/signal" | |||
| "os/user" | |||
There was a problem hiding this comment.
why do we need an extra line here? I thought we use it only to divide between std library and other packages
There was a problem hiding this comment.
Your right, my mistake, I thought the test was complaining about it.
Lookup the current username by UID if the USER env variable is not set. Reported in: containers#1092 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
force-pushed
the
rootless-fix-lookup-when-USER-is-not-defined
branch
from
309047a to
4c814af
Compare
|
bot, retest this please |
2 similar comments
|
bot, retest this please |
|
bot, retest this please |
|
LGTM |
|
📌 Commit 4c814af has been approved by |
|
☀️ Test successful - status-papr |
github-actions
bot
added
the
locked - please file new issue/PR
5 participants
Lookup the current username by UID if the USER env variable is not
set.
Reported in: #1092
Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com