From e3f9f55c5677daf31553c6e799a41ede2e628473 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 5 Feb 2020 00:49:56 +0000 Subject: [PATCH] Bump github.com/containers/common from 0.0.7 to 0.1.4 Bumps [github.com/containers/common](https://github.com/containers/common) from 0.0.7 to 0.1.4. - [Release notes](https://github.com/containers/common/releases) - [Commits](https://github.com/containers/common/compare/v0.0.7...v0.1.4) Signed-off-by: dependabot-preview[bot] Signed-off-by: Valentin Rothberg --- go.mod | 2 +- go.sum | 2 ++ .../common/pkg/unshare/getenv_linux_cgo.go | 22 ++++++++++++ .../common/pkg/unshare/getenv_linux_nocgo.go | 11 ++++++ .../common/pkg/unshare/unshare_linux.go | 35 ++++++++++++++++--- vendor/modules.txt | 2 +- 6 files changed, 67 insertions(+), 7 deletions(-) create mode 100644 vendor/github.com/containers/common/pkg/unshare/getenv_linux_cgo.go create mode 100644 vendor/github.com/containers/common/pkg/unshare/getenv_linux_nocgo.go diff --git a/go.mod b/go.mod index 4193b607..22b78891 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.12 require ( github.com/containers/buildah v1.13.1 // indirect - github.com/containers/common v0.0.7 + github.com/containers/common v0.1.4 github.com/containers/image/v5 v5.2.0 github.com/containers/ocicrypt v0.0.0-20190930154801-b87a4a69c741 github.com/containers/storage v1.15.8 diff --git a/go.sum b/go.sum index 89fec919..90d5824f 100644 --- a/go.sum +++ b/go.sum @@ -66,6 +66,8 @@ github.com/containers/common v0.0.3 h1:C2Zshb0w720FqPa42MCRuiGfbW0kwbURRwvK1EWIC github.com/containers/common v0.0.3/go.mod h1:CaOgMRiwi2JJHISMZ6VPPZhQYFUDRv3YYVss2RqUCMg= github.com/containers/common v0.0.7 h1:eKYZLKfJ2d/RNDgecLDFv45cHb4imYzIcrQHx1Y029M= github.com/containers/common v0.0.7/go.mod h1:lhWV3MLhO1+KGE2x6v9+K38MxpjXGso+edmpkFnCOqI= +github.com/containers/common v0.1.4 h1:6tizbvX9BJTnJ0S3pe65Vcu8gJagbm6oFBCmwUIiOE4= +github.com/containers/common v0.1.4/go.mod h1:ss8uGpUsaDE4DPmaVFOjzKrlgf5eUnSAWL+d/PYGaoM= github.com/containers/image/v5 v5.0.0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY= github.com/containers/image/v5 v5.0.1-0.20191126085826-502848a1358b h1:xUXa/0+KWQY1PAGuvfqXh1U18qTRYvHzhiys/BpZG4c= github.com/containers/image/v5 v5.0.1-0.20191126085826-502848a1358b/go.mod h1:NNGElTgKPvARdKeiJIE/IF+ddvHmNwaLPBupsoZI8eI= diff --git a/vendor/github.com/containers/common/pkg/unshare/getenv_linux_cgo.go b/vendor/github.com/containers/common/pkg/unshare/getenv_linux_cgo.go new file mode 100644 index 00000000..4f441c32 --- /dev/null +++ b/vendor/github.com/containers/common/pkg/unshare/getenv_linux_cgo.go @@ -0,0 +1,22 @@ +// +build linux,cgo + +package unshare + +import ( + "unsafe" +) + +/* +#cgo remoteclient CFLAGS: -Wall -Werror +#include +*/ +import "C" + +func getenv(name string) string { + cName := C.CString(name) + defer C.free(unsafe.Pointer(cName)) + + value := C.GoString(C.getenv(cName)) + + return value +} diff --git a/vendor/github.com/containers/common/pkg/unshare/getenv_linux_nocgo.go b/vendor/github.com/containers/common/pkg/unshare/getenv_linux_nocgo.go new file mode 100644 index 00000000..a5005403 --- /dev/null +++ b/vendor/github.com/containers/common/pkg/unshare/getenv_linux_nocgo.go @@ -0,0 +1,11 @@ +// +build linux,!cgo + +package unshare + +import ( + "os" +) + +func getenv(name string) string { + return os.Getenv(name) +} diff --git a/vendor/github.com/containers/common/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/common/pkg/unshare/unshare_linux.go index ed83908c..ef33ab8e 100644 --- a/vendor/github.com/containers/common/pkg/unshare/unshare_linux.go +++ b/vendor/github.com/containers/common/pkg/unshare/unshare_linux.go @@ -50,6 +50,31 @@ func Command(args ...string) *Cmd { } } +func getRootlessUID() int { + uidEnv := getenv("_CONTAINERS_ROOTLESS_UID") + if uidEnv != "" { + u, _ := strconv.Atoi(uidEnv) + return u + } + return os.Geteuid() +} + +func getRootlessGID() int { + gidEnv := getenv("_CONTAINERS_ROOTLESS_GID") + if gidEnv != "" { + u, _ := strconv.Atoi(gidEnv) + return u + } + + /* If the _CONTAINERS_ROOTLESS_UID is set, assume the gid==uid. */ + uidEnv := os.Getenv("_CONTAINERS_ROOTLESS_UID") + if uidEnv != "" { + u, _ := strconv.Atoi(uidEnv) + return u + } + return os.Getegid() +} + func (c *Cmd) Start() error { runtime.LockOSThread() defer runtime.UnlockOSThread() @@ -61,10 +86,10 @@ func (c *Cmd) Start() error { c.Env = append(c.Env, fmt.Sprintf("_Containers-unshare=%d", c.UnshareFlags)) // Please the libpod "rootless" package to find the expected env variables. - if os.Geteuid() != 0 { + if IsRootless() { c.Env = append(c.Env, "_CONTAINERS_USERNS_CONFIGURED=done") - c.Env = append(c.Env, fmt.Sprintf("_CONTAINERS_ROOTLESS_UID=%d", os.Geteuid())) - c.Env = append(c.Env, fmt.Sprintf("_CONTAINERS_ROOTLESS_GID=%d", os.Getegid())) + c.Env = append(c.Env, fmt.Sprintf("_CONTAINERS_ROOTLESS_UID=%d", getRootlessUID())) + c.Env = append(c.Env, fmt.Sprintf("_CONTAINERS_ROOTLESS_GID=%d", getRootlessGID())) } // Create the pipe for reading the child's PID. @@ -318,14 +343,14 @@ const ( // IsRootless tells us if we are running in rootless mode func IsRootless() bool { isRootlessOnce.Do(func() { - isRootless = os.Geteuid() != 0 || os.Getenv(UsernsEnvName) != "" + isRootless = getRootlessUID() != 0 || getenv(UsernsEnvName) != "" }) return isRootless } // GetRootlessUID returns the UID of the user in the parent userNS func GetRootlessUID() int { - uidEnv := os.Getenv("_CONTAINERS_ROOTLESS_UID") + uidEnv := getenv("_CONTAINERS_ROOTLESS_UID") if uidEnv != "" { u, _ := strconv.Atoi(uidEnv) return u diff --git a/vendor/modules.txt b/vendor/modules.txt index be2eed1f..8a1abf52 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -36,7 +36,7 @@ github.com/containerd/cgroups/stats/v1 github.com/containerd/containerd/errdefs github.com/containerd/containerd/log github.com/containerd/containerd/platforms -# github.com/containers/common v0.0.7 +# github.com/containers/common v0.1.4 github.com/containers/common/pkg/unshare # github.com/containers/image/v5 v5.2.0 github.com/containers/image/v5/copy