Merge pull request #41018 from akhilerm/identity-mapping

remove group name from identity mapping

daemon/daemon_unix.go

@@ -1223,36 +1223,15 @@ func setupRemappedRoot(config *config.Config) (*idtools.IdentityMapping, error)
 			logrus.Warn("User namespaces: root cannot be remapped with itself; user namespaces are OFF")
 			return &idtools.IdentityMapping{}, nil
 		}
-		logrus.Infof("User namespaces: ID ranges will be mapped to subuid/subgid ranges of: %s:%s", username, groupname)
+		logrus.Infof("User namespaces: ID ranges will be mapped to subuid/subgid ranges of: %s", username)
 		// update remapped root setting now that we have resolved them to actual names
 		config.RemappedRoot = fmt.Sprintf("%s:%s", username, groupname)
 
-		// try with username:groupname, uid:groupname, username:gid, uid:gid,
-		// but keep the original error message (err)
-		mappings, err := idtools.NewIdentityMapping(username, groupname)
-		if err == nil {
-			return mappings, nil
-		}
-		user, lookupErr := idtools.LookupUser(username)
-		if lookupErr != nil {
+		mappings, err := idtools.NewIdentityMapping(username)
+		if err != nil {
 			return nil, errors.Wrap(err, "Can't create ID mappings")
 		}
-		logrus.Infof("Can't create ID mappings with username:groupname %s:%s, try uid:groupname %d:%s", username, groupname, user.Uid, groupname)
-		mappings, lookupErr = idtools.NewIdentityMapping(fmt.Sprintf("%d", user.Uid), groupname)
-		if lookupErr == nil {
-			return mappings, nil
-		}
-		logrus.Infof("Can't create ID mappings with uid:groupname %d:%s, try username:gid %s:%d", user.Uid, groupname, username, user.Gid)
-		mappings, lookupErr = idtools.NewIdentityMapping(username, fmt.Sprintf("%d", user.Gid))
-		if lookupErr == nil {
-			return mappings, nil
-		}
-		logrus.Infof("Can't create ID mappings with username:gid %s:%d, try uid:gid %d:%d", username, user.Gid, user.Uid, user.Gid)
-		mappings, lookupErr = idtools.NewIdentityMapping(fmt.Sprintf("%d", user.Uid), fmt.Sprintf("%d", user.Gid))
-		if lookupErr == nil {
-			return mappings, nil
-		}
-		return nil, errors.Wrap(err, "Can't create ID mappings")
+		return mappings, nil
 	}
 	return &idtools.IdentityMapping{}, nil
 }

pkg/idtools/idtools.go

@@ -114,31 +114,6 @@ type IdentityMapping struct {
 	gids []IDMap
 }
 
-// NewIdentityMapping takes a requested user and group name and
-// using the data from /etc/sub{uid,gid} ranges, creates the
-// proper uid and gid remapping ranges for that user/group pair
-func NewIdentityMapping(username, groupname string) (*IdentityMapping, error) {
-	subuidRanges, err := parseSubuid(username)
-	if err != nil {
-		return nil, err
-	}
-	subgidRanges, err := parseSubgid(groupname)
-	if err != nil {
-		return nil, err
-	}
-	if len(subuidRanges) == 0 {
-		return nil, fmt.Errorf("No subuid ranges found for user %q", username)
-	}
-	if len(subgidRanges) == 0 {
-		return nil, fmt.Errorf("No subgid ranges found for group %q", groupname)
-	}
-
-	return &IdentityMapping{
-		uids: createIDMap(subuidRanges),
-		gids: createIDMap(subgidRanges),
-	}, nil
-}
-
 // NewIDMappingsFromMaps creates a new mapping from two slices
 // Deprecated: this is a temporary shim while transitioning to IDMapping
 func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IdentityMapping {

pkg/idtools/idtools_unix.go

@@ -8,12 +8,14 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"sync"
 	"syscall"
 
 	"github.com/docker/docker/pkg/system"
 	"github.com/opencontainers/runc/libcontainer/user"
+	"github.com/pkg/errors"
 )
 
 var (
@@ -229,3 +231,48 @@ func lazyChown(p string, uid, gid int, stat *system.StatT) error {
 	}
 	return os.Chown(p, uid, gid)
 }
+
+// NewIdentityMapping takes a requested username and
+// using the data from /etc/sub{uid,gid} ranges, creates the
+// proper uid and gid remapping ranges for that user/group pair
+func NewIdentityMapping(username string) (*IdentityMapping, error) {
+	usr, err := LookupUser(username)
+	if err != nil {
+		return nil, fmt.Errorf("Could not get user for username %s: %v", username, err)
+	}
+
+	uid := strconv.Itoa(usr.Uid)
+
+	subuidRangesWithUserName, err := parseSubuid(username)
+	if err != nil {
+		return nil, err
+	}
+	subgidRangesWithUserName, err := parseSubgid(username)
+	if err != nil {
+		return nil, err
+	}
+
+	subuidRangesWithUID, err := parseSubuid(uid)
+	if err != nil {
+		return nil, err
+	}
+	subgidRangesWithUID, err := parseSubgid(uid)
+	if err != nil {
+		return nil, err
+	}
+
+	subuidRanges := append(subuidRangesWithUserName, subuidRangesWithUID...)
+	subgidRanges := append(subgidRangesWithUserName, subgidRangesWithUID...)
+
+	if len(subuidRanges) == 0 {
+		return nil, errors.Errorf("no subuid ranges found for user %q", username)
+	}
+	if len(subgidRanges) == 0 {
+		return nil, errors.Errorf("no subgid ranges found for user %q", username)
+	}
+
+	return &IdentityMapping{
+		uids: createIDMap(subuidRanges),
+		gids: createIDMap(subgidRanges),
+	}, nil
+}

pkg/idtools/idtools_unix_test.go

@@ -321,12 +321,7 @@ func TestNewIDMappings(t *testing.T) {
 	tempUser, err := user.Lookup(tempUser)
 	assert.Check(t, err)
 
-	gids, err := tempUser.GroupIds()
-	assert.Check(t, err)
-	group, err := user.LookupGroupId(gids[0])
-	assert.Check(t, err)
-
-	idMapping, err := NewIdentityMapping(tempUser.Username, group.Name)
+	idMapping, err := NewIdentityMapping(tempUser.Username)
 	assert.Check(t, err)
 
 	rootUID, rootGID, err := GetRootUIDGID(idMapping.UIDs(), idMapping.GIDs())