mirror of
https://github.com/opencontainers/runc.git
synced 2025-09-27 03:46:19 +08:00
f103de57ec
Running rootless containers in userns is useful for mounting filesystems (e.g. overlay) with mapped euid 0, but without actual root privilege. Usage: (Note that `unshare --mount` requires `--map-root-user`) user$ mkdir lower upper work rootfs user$ curl http://dl-cdn.alpinelinux.org/alpine/v3.7/releases/x86_64/alpine-minirootfs-3.7.0-x86_64.tar.gz | tar Cxz ./lower || ( true; echo "mknod errors were ignored" ) user$ unshare --mount --map-root-user mappedroot# runc spec --rootless mappedroot# sed -i 's/"readonly": true/"readonly": false/g' config.json mappedroot# mount -t overlay -o lowerdir=./lower,upperdir=./upper,workdir=./work overlayfs ./rootfs mappedroot# runc run foo Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
95 lines
2.1 KiB
Go
95 lines
2.1 KiB
Go
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/opencontainers/runtime-spec/specs-go"
|
|
|
|
"github.com/sirupsen/logrus"
|
|
"github.com/urfave/cli"
|
|
)
|
|
|
|
const (
|
|
exactArgs = iota
|
|
minArgs
|
|
maxArgs
|
|
)
|
|
|
|
func checkArgs(context *cli.Context, expected, checkType int) error {
|
|
var err error
|
|
cmdName := context.Command.Name
|
|
switch checkType {
|
|
case exactArgs:
|
|
if context.NArg() != expected {
|
|
err = fmt.Errorf("%s: %q requires exactly %d argument(s)", os.Args[0], cmdName, expected)
|
|
}
|
|
case minArgs:
|
|
if context.NArg() < expected {
|
|
err = fmt.Errorf("%s: %q requires a minimum of %d argument(s)", os.Args[0], cmdName, expected)
|
|
}
|
|
case maxArgs:
|
|
if context.NArg() > expected {
|
|
err = fmt.Errorf("%s: %q requires a maximum of %d argument(s)", os.Args[0], cmdName, expected)
|
|
}
|
|
}
|
|
|
|
if err != nil {
|
|
fmt.Printf("Incorrect Usage.\n\n")
|
|
cli.ShowCommandHelp(context, cmdName)
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// fatal prints the error's details if it is a libcontainer specific error type
|
|
// then exits the program with an exit status of 1.
|
|
func fatal(err error) {
|
|
// make sure the error is written to the logger
|
|
logrus.Error(err)
|
|
fmt.Fprintln(os.Stderr, err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
// setupSpec performs initial setup based on the cli.Context for the container
|
|
func setupSpec(context *cli.Context) (*specs.Spec, error) {
|
|
bundle := context.String("bundle")
|
|
if bundle != "" {
|
|
if err := os.Chdir(bundle); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
spec, err := loadSpec(specConfig)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return spec, nil
|
|
}
|
|
|
|
func revisePidFile(context *cli.Context) error {
|
|
pidFile := context.String("pid-file")
|
|
if pidFile == "" {
|
|
return nil
|
|
}
|
|
|
|
// convert pid-file to an absolute path so we can write to the right
|
|
// file after chdir to bundle
|
|
pidFile, err := filepath.Abs(pidFile)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return context.Set("pid-file", pidFile)
|
|
}
|
|
|
|
// parseBoolOrAuto returns (nil, nil) if s is empty or "auto"
|
|
func parseBoolOrAuto(s string) (*bool, error) {
|
|
if s == "" || strings.ToLower(s) == "auto" {
|
|
return nil, nil
|
|
}
|
|
b, err := strconv.ParseBool(s)
|
|
return &b, err
|
|
}
|