We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid

This fix tries to address the issue raised in 39353 where
docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid.

The issue was that, mapping to `/etc/sub[u,g]id` in docker does not
allow numeric ID.

This fix fixes the issue by probing other combinations (uid:groupname, username:gid, uid:gid)
when normal username:groupname fails.

This fix fixes 39353.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Yong Tang 5 years ago
parent
fee149e723
commit
f09dc2f4fc
1 changed files with 23 additions and 2 deletions
Unified View Show Diff Stats
  1. 23 2
      daemon/daemon_unix.go

+ 23 - 2
daemon/daemon_unix.go
View File 

@@ -1203,11 +1203,32 @@ func setupRemappedRoot(config *config.Config) (*idtools.IdentityMapping, error)
 
 		// update remapped root setting now that we have resolved them to actual names
 
 		// update remapped root setting now that we have resolved them to actual names
 
 		config.RemappedRoot = fmt.Sprintf("%s:%s", username, groupname)
 
 		config.RemappedRoot = fmt.Sprintf("%s:%s", username, groupname)
 
 
 
+		// try with username:groupname, uid:groupname, username:gid, uid:gid,
 
+		// but keep the original error message (err)
 
 		mappings, err := idtools.NewIdentityMapping(username, groupname)
 
 		mappings, err := idtools.NewIdentityMapping(username, groupname)
 
-		if err != nil {
 
+		if err == nil {
 
+			return mappings, nil
 
+		}
 
+		user, lookupErr := idtools.LookupUser(username)
 
+		if lookupErr != nil {
 
 			return nil, errors.Wrap(err, "Can't create ID mappings")
 
 			return nil, errors.Wrap(err, "Can't create ID mappings")
 
 		}
 
 		}
 
-		return mappings, nil
 
+		logrus.Infof("Can't create ID mappings with username:groupname %s:%s, try uid:groupname %d:%s", username, groupname, user.Uid, groupname)
 
+		mappings, lookupErr = idtools.NewIdentityMapping(fmt.Sprintf("%d", user.Uid), groupname)
 
+		if lookupErr == nil {
 
+			return mappings, nil
 
+		}
 
+		logrus.Infof("Can't create ID mappings with uid:groupname %d:%s, try username:gid %s:%d", user.Uid, groupname, username, user.Gid)
 
+		mappings, lookupErr = idtools.NewIdentityMapping(username, fmt.Sprintf("%d", user.Gid))
 
+		if lookupErr == nil {
 
+			return mappings, nil
 
+		}
 
+		logrus.Infof("Can't create ID mappings with username:gid %s:%d, try uid:gid %d:%d", username, user.Gid, user.Uid, user.Gid)
 
+		mappings, lookupErr = idtools.NewIdentityMapping(fmt.Sprintf("%d", user.Uid), fmt.Sprintf("%d", user.Gid))
 
+		if lookupErr == nil {
 
+			return mappings, nil
 
+		}
 
+		return nil, errors.Wrap(err, "Can't create ID mappings")
 
 	}
 
 	}
 
 	return &idtools.IdentityMapping{}, nil
 
 	return &idtools.IdentityMapping{}, nil
 
 }
 
 }

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5