skopeo: create a userns when running rootless

Closes: https://github.com/containers/skopeo/issues/623 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-08-31 06:10:50 +00:00 · 2019-03-29 16:54:06 +01:00
parent ffa640c2b0
commit ac85091ecd
8 changed files with 25 additions and 3 deletions
--- a/cmd/skopeo/copy.go
+++ b/cmd/skopeo/copy.go
@@ -50,6 +50,7 @@ func copyCmd(global *globalOptions) cli.Command {
 	`, strings.Join(transports.ListNames(), ", ")),
 		ArgsUsage: "SOURCE-IMAGE DESTINATION-IMAGE",
 		Action:    commandAction(opts.run),
+		Before:    needsRexec,
 		// FIXME: Do we need to namespace the GPG aspect?
 		Flags: append(append(append([]cli.Flag{
 			cli.StringSliceFlag{
--- a/cmd/skopeo/delete.go
+++ b/cmd/skopeo/delete.go
@@ -24,8 +24,9 @@ func deleteCmd(global *globalOptions) cli.Command {
 		image:  imageOpts,
 	}
 	return cli.Command{
-		Name:  "delete",
-		Usage: "Delete image IMAGE-NAME",
+		Before: needsRexec,
+		Name:   "delete",
+		Usage:  "Delete image IMAGE-NAME",
 		Description: fmt.Sprintf(`
 	Delete an "IMAGE_NAME" from a transport

--- a/cmd/skopeo/inspect.go
+++ b/cmd/skopeo/inspect.go
@@ -62,6 +62,7 @@ func inspectCmd(global *globalOptions) cli.Command {
 				Destination: &opts.raw,
 			},
 		}, sharedFlags...), imageFlags...),
+		Before: needsRexec,
 		Action: commandAction(opts.run),
 	}
 }
--- a/cmd/skopeo/layers.go
+++ b/cmd/skopeo/layers.go
@@ -32,6 +32,7 @@ func layersCmd(global *globalOptions) cli.Command {
 		Name:      "layers",
 		Usage:     "Get layers of IMAGE-NAME",
 		ArgsUsage: "IMAGE-NAME [LAYER...]",
+		Before:    needsRexec,
 		Hidden:    true,
 		Action:    commandAction(opts.run),
 		Flags:     append(sharedFlags, imageFlags...),
--- a/cmd/skopeo/main.go
+++ b/cmd/skopeo/main.go
@@ -99,7 +99,7 @@ func createApp() (*cli.App, *globalOptions) {
 }

 // before is run by the cli package for any command, before running the command-specific handler.
-func (opts *globalOptions) before(_ *cli.Context) error {
+func (opts *globalOptions) before(ctx *cli.Context) error {
 	if opts.debug {
 		logrus.SetLevel(logrus.DebugLevel)
 	}
--- a/cmd/skopeo/unshare.go
+++ b/cmd/skopeo/unshare.go
@@ -0,0 +1,6 @@
+// +build !linux
+
+package main
+
+func maybeReexec() {
+}
--- a/cmd/skopeo/unshare_linux.go
+++ b/cmd/skopeo/unshare_linux.go
@@ -0,0 +1,7 @@
+package main
+
+import "github.com/containers/buildah/pkg/unshare"
+
+func maybeReexec() {
+	unshare.MaybeReexecUsingUserNamespace(false)
+}
--- a/cmd/skopeo/utils.go
+++ b/cmd/skopeo/utils.go
@@ -16,6 +16,11 @@ type errorShouldDisplayUsage struct {
 	error
 }

+func needsRexec(c *cli.Context) error {
+	maybeReexec()
+	return nil
+}
+
 // commandAction intermediates between the cli.ActionFunc interface and the real handler,
 // primarily to ensure that cli.Context is not available to the handler, which in turn
 // makes sure that the cli.String() etc. flag access functions are not used,