container_create: correctly set user
We had a bug in ImageStatus where we weren't returning the default image user if set, thus running all containers as root despite a user being set in the image config. We weren't populating the Username field of ImageStatus. This patch fixes that along with the handling of multiple images based on the registry patch for multiple images. It also fixes ListImages to return Username as well. Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca
parent
9128ffc226
commit
96fb47213e
4 changed files with 103 additions and 28 deletions
|
|
@ -2,6 +2,8 @@ package server
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/containers/storage"
|
||||
|
|
@ -37,23 +39,62 @@ func (s *Server) ImageStatus(ctx context.Context, req *pb.ImageStatusRequest) (r
|
|||
return nil, err
|
||||
}
|
||||
}
|
||||
// match just the first registry as that's what kube meant
|
||||
image = images[0]
|
||||
status, err := s.StorageImageServer().ImageStatus(s.ImageContext(), image)
|
||||
if err != nil {
|
||||
if errors.Cause(err) == storage.ErrImageUnknown {
|
||||
return &pb.ImageStatusResponse{}, nil
|
||||
var (
|
||||
notfound bool
|
||||
lastErr error
|
||||
)
|
||||
for _, image := range images {
|
||||
status, err := s.StorageImageServer().ImageStatus(s.ImageContext(), image)
|
||||
if err != nil {
|
||||
if errors.Cause(err) == storage.ErrImageUnknown {
|
||||
logrus.Warnf("imageStatus: can't find %s", image)
|
||||
notfound = true
|
||||
continue
|
||||
}
|
||||
logrus.Warnf("imageStatus: error getting status from %s: %v", image, err)
|
||||
lastErr = err
|
||||
continue
|
||||
}
|
||||
return nil, err
|
||||
resp = &pb.ImageStatusResponse{
|
||||
Image: &pb.Image{
|
||||
Id: status.ID,
|
||||
RepoTags: status.RepoTags,
|
||||
RepoDigests: status.RepoDigests,
|
||||
Size_: *status.Size,
|
||||
},
|
||||
}
|
||||
uid, username := getUserFromImage(status.User)
|
||||
if uid != nil {
|
||||
resp.Image.Uid = &pb.Int64Value{Value: *uid}
|
||||
}
|
||||
resp.Image.Username = username
|
||||
break
|
||||
}
|
||||
resp = &pb.ImageStatusResponse{
|
||||
Image: &pb.Image{
|
||||
Id: status.ID,
|
||||
RepoTags: status.RepoTags,
|
||||
RepoDigests: status.RepoDigests,
|
||||
Size_: *status.Size,
|
||||
},
|
||||
if lastErr != nil && resp == nil {
|
||||
return nil, lastErr
|
||||
}
|
||||
if notfound && resp == nil {
|
||||
return &pb.ImageStatusResponse{}, nil
|
||||
}
|
||||
logrus.Debugf("ImageStatusResponse: %+v", resp)
|
||||
return resp, nil
|
||||
}
|
||||
|
||||
// getUserFromImage gets uid or user name of the image user.
|
||||
// If user is numeric, it will be treated as uid; or else, it is treated as user name.
|
||||
func getUserFromImage(user string) (*int64, string) {
|
||||
// return both empty if user is not specified in the image.
|
||||
if user == "" {
|
||||
return nil, ""
|
||||
}
|
||||
// split instances where the id may contain user:group
|
||||
user = strings.Split(user, ":")[0]
|
||||
// user could be either uid or user name. Try to interpret as numeric uid.
|
||||
uid, err := strconv.ParseInt(user, 10, 64)
|
||||
if err != nil {
|
||||
// If user is non numeric, assume it's user name.
|
||||
return nil, user
|
||||
}
|
||||
// If user is a numeric uid.
|
||||
return &uid, ""
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue