forked from opencontainers/runc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
rootless_linux.go
58 lines (52 loc) · 1.3 KB
/
rootless_linux.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
// +build linux
package main
import (
"os"
"github.com/opencontainers/runc/libcontainer/system"
"github.com/urfave/cli"
)
func shouldUseRootlessCgroupManager(context *cli.Context) (bool, error) {
if context != nil {
b, err := parseBoolOrAuto(context.GlobalString("rootless"))
if err != nil {
return false, err
}
// nil b stands for "auto detect"
if b != nil {
return *b, nil
}
if context.GlobalBool("systemd-cgroup") {
return false, nil
}
}
if os.Geteuid() != 0 {
return true, nil
}
if !system.RunningInUserNS() {
// euid == 0 , in the initial ns (i.e. the real root)
return false, nil
}
// euid = 0, in a userns.
// As we are unaware of cgroups path, we can't determine whether we have the full
// access to the cgroups path.
// Either way, we can safely decide to use the rootless cgroups manager.
return true, nil
}
func shouldHonorXDGRuntimeDir() bool {
if os.Getenv("XDG_RUNTIME_DIR") == "" {
return false
}
if os.Geteuid() != 0 {
return true
}
if !system.RunningInUserNS() {
// euid == 0 , in the initial ns (i.e. the real root)
// in this case, we should use /run/runc and ignore
// $XDG_RUNTIME_DIR (e.g. /run/user/0) for backward
// compatibility.
return false
}
// euid = 0, in a userns.
u, ok := os.LookupEnv("USER")
return !ok || u != "root"
}