Fix tty and io permission for userns

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-11 11:23:35 -08:00 · 2016-02-11 11:23:35 -08:00 · cf28969328
commit cf28969328
parent 20a39bce97
22 changed files with 1427 additions and 1124 deletions
--- a/runtime/container.go
+++ b/runtime/container.go
@ -161,7 +161,15 @@ func (c *container) Start(checkpoint string, s Stdio) (Process, error) {
 	if err != nil {
 		return nil, err
 	}
-	p, err := newProcess(processRoot, InitProcessID, c, spec.Process, s)
+	config := &processConfig{
+		root:        processRoot,
+		id:          InitProcessID,
+		c:           c,
+		stdio:       s,
+		spec:        spec,
+		processSpec: spec.Process,
+	}
+	p, err := newProcess(config)
 	if err != nil {
 		return nil, err
 	}
@ -188,7 +196,14 @@ func (c *container) Exec(pid string, spec specs.Process, s Stdio) (Process, erro
 	cmd.SysProcAttr = &syscall.SysProcAttr{
 		Setpgid: true,
 	}
-	p, err := newProcess(processRoot, pid, c, spec, s)
+	config := &processConfig{
+		id:          pid,
+		root:        processRoot,
+		c:           c,
+		processSpec: spec,
+		stdio:       s,
+	}
+	p, err := newProcess(config)
 	if err != nil {
 		return nil, err
 	}
@ -312,3 +327,31 @@ func (c *container) Checkpoint(cpt Checkpoint) error {
 func (c *container) DeleteCheckpoint(name string) error {
 	return os.RemoveAll(filepath.Join(c.bundle, "checkpoints", name))
 }
+
+func getRootIDs(s *specs.LinuxSpec) (int, int, error) {
+	if s == nil {
+		return 0, 0, nil
+	}
+	var hasUserns bool
+	for _, ns := range s.Linux.Namespaces {
+		if ns.Type == specs.UserNamespace {
+			hasUserns = true
+			break
+		}
+	}
+	if !hasUserns {
+		return 0, 0, nil
+	}
+	uid := hostIDFromMap(0, s.Linux.UIDMappings)
+	gid := hostIDFromMap(0, s.Linux.GIDMappings)
+	return uid, gid, nil
+}
+
+func hostIDFromMap(id uint32, mp []specs.IDMapping) int {
+	for _, m := range mp {
+		if (id >= m.ContainerID) && (id <= (m.ContainerID + m.Size - 1)) {
+			return int(m.HostID + (id - m.ContainerID))
+		}
+	}
+	return 0
+}