homedir: remove idtools and libcontainer's user package dependencies

About github.com/opencontainers/runc/libcontainer/user:

According to 195d8d544a
this package has two functions:
- Have a static implementation of user lookup, which is now supported in the
  os/user stdlib package with the osusergo build tag, but wasn't at the time.
- Have extra functions that os/user doesn't have, but none of those are used
  in homedir.

Since https://github.com/moby/moby/pull/11287, homedir depended directly on
libcontainer's user package for CurrentUser().
This is being replaced with os/user.Current(), because all of our static
binaries are compiled with the osusergo tag, and for dynamic libraries it
is more correct to use libc's implementation than parsing /etc/passwd.

About github.com/docker/docker/pkg/idtools:

Only dependency was from GetStatic() which uses idtools.LookupUID(uid).
The implementation of idtools.LookupUID just calls to
github.com/opencontainers/runc/libcontainer/user.LookupUid or fallbacks
to exec-ing to getent (since https://github.com/moby/moby/pull/27599).

This patch replaces calls to homedir.GetStatic by homedir.Get(), opting out
of supporting nss lookups in static binaries via exec-ing to getent for
the homedir package.

If homedir package users need to support nss lookups, they are advised
to compile dynamically instead.

Signed-off-by: Tibor Vass <tibor@docker.com>
This commit is contained in:
Tibor Vass 2019-09-23 22:16:38 +00:00
parent 610551e039
commit a8608b5b67
4 changed files with 10 additions and 33 deletions

View file

@ -11,17 +11,15 @@ import (
// ensureHomeIfIAmStatic ensure $HOME to be set if dockerversion.IAmStatic is "true".
// See issue #29344: gcplogs segfaults (static binary)
// If HOME is not set, logging.NewClient() will call os/user.Current() via oauth2/google.
// However, in static binary, os/user.Current() leads to segfault due to a glibc issue that won't be fixed
// in a short term. (golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341)
// If compiling statically, make sure osusergo build tag is also used to prevent a segfault
// due to a glibc issue that won't be fixed in a short term
// (see golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341).
// So we forcibly set HOME so as to avoid call to os/user/Current()
func ensureHomeIfIAmStatic() error {
// Note: dockerversion.IAmStatic and homedir.GetStatic() is only available for linux.
// Note: dockerversion.IAmStatic is only available for linux.
// So we need to use them in this gcplogging_linux.go rather than in gcplogging.go
if dockerversion.IAmStatic == "true" && os.Getenv("HOME") == "" {
home, err := homedir.GetStatic()
if err != nil {
return err
}
home := homedir.Get()
logrus.Warnf("gcplogs requires HOME to be set for static daemon binary. Forcibly setting HOME to %s.", home)
os.Setenv("HOME", home)
}

View file

@ -5,24 +5,8 @@ import (
"os"
"path/filepath"
"strings"
"github.com/docker/docker/pkg/idtools"
)
// GetStatic returns the home directory for the current user without calling
// os/user.Current(). This is useful for static-linked binary on glibc-based
// system, because a call to os/user.Current() in a static binary leads to
// segfault due to a glibc issue that won't be fixed in a short term.
// (#29344, golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341)
func GetStatic() (string, error) {
uid := os.Getuid()
usr, err := idtools.LookupUID(uid)
if err != nil {
return "", err
}
return usr.Home, nil
}
// GetRuntimeDir returns XDG_RUNTIME_DIR.
// XDG_RUNTIME_DIR is typically configured via pam_systemd.
// GetRuntimeDir returns non-nil error if XDG_RUNTIME_DIR is not set.

View file

@ -6,12 +6,6 @@ import (
"errors"
)
// GetStatic is not needed for non-linux systems.
// (Precisely, it is needed only for glibc-based linux systems.)
func GetStatic() (string, error) {
return "", errors.New("homedir.GetStatic() is not supported on this system")
}
// GetRuntimeDir is unsupported on non-linux system.
func GetRuntimeDir() (string, error) {
return "", errors.New("homedir.GetRuntimeDir() is not supported on this system")

View file

@ -4,8 +4,7 @@ package homedir // import "github.com/docker/docker/pkg/homedir"
import (
"os"
"github.com/opencontainers/runc/libcontainer/user"
"os/user"
)
// Key returns the env var name for the user's home dir based on
@ -17,11 +16,13 @@ func Key() string {
// Get returns the home directory of the current user with the help of
// environment variables depending on the target operating system.
// Returned path should be used with "path/filepath" to form new paths.
// If compiling statically, ensure the osusergo build tag is used.
// If needing to do nss lookups, do not compile statically.
func Get() string {
home := os.Getenv(Key())
if home == "" {
if u, err := user.CurrentUser(); err == nil {
return u.Home
if u, err := user.Current(); err == nil {
return u.HomeDir
}
}
return home