Update internal use of idtools to usergroup
Signed-off-by: Derek McGowan <derek@mcg.dev>
dmcgowan committed Dec 13, 2024
1 parent 513a90f commit d854eb6
Showing 6 changed files with 32 additions and 14 deletions.
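--- a/builder/dockerfile/copy_windows.go
+++ b/builder/dockerfile/copy_windows.go
@@ -7,6 +7,7 @@ import (
 "strings"
 
 winio "github.com/Microsoft/go-winio"
+"github.com/docker/docker/internal/usergroup"
 "github.com/docker/docker/pkg/idtools"
 "github.com/docker/docker/pkg/reexec"
 "github.com/docker/docker/pkg/system"
@@ -43,7 +44,7 @@ func fixPermissionsReexec() {
 }
 
 func fixPermissionsWindows(source, destination, SID string) error {
-privileges := []string{winio.SeRestorePrivilege, idtools.SeTakeOwnershipPrivilege}
+privileges := []string{winio.SeRestorePrivilege, usergroup.SeTakeOwnershipPrivilege}
 
 err := winio.EnableProcessPrivileges(privileges)
 if err != nil {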
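--- a/builder/dockerfile/internals_windows.go
+++ b/builder/dockerfile/internals_windows.go
@@ -11,6 +11,7 @@ import (
 "github.com/docker/docker/api/types/container"
 "github.com/docker/docker/api/types/mount"
 "github.com/docker/docker/errdefs"
+"github.com/docker/docker/internal/usergroup"
 "github.com/docker/docker/pkg/idtools"
 "github.com/docker/docker/pkg/jsonmessage"
 "golang.org/x/sys/windows"
@@ -45,9 +46,9 @@ func getAccountIdentity(ctx context.Context, builder *Builder, accountName strin
 
 // Check if the account name is one unique to containers.
 if strings.EqualFold(accountName, "ContainerAdministrator") {
-return idtools.Identity{SID: idtools.ContainerAdministratorSidString}, nil
+return idtools.Identity{SID: usergroup.ContainerAdministratorSidString}, nil
 } else if strings.EqualFold(accountName, "ContainerUser") {
-return idtools.Identity{SID: idtools.ContainerUserSidString}, nil
+return idtools.Identity{SID: usergroup.ContainerUserSidString}, nil
 }
 
 // All other lookups failed, so therefore determine if the account in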
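--- a/daemon/archive_tarcopyoptions_unix.go
+++ b/daemon/archive_tarcopyoptions_unix.go
@@ -4,6 +4,7 @@ package daemon // import "github.com/docker/docker/daemon"
 
 import (
 "github.com/docker/docker/container"
+"github.com/docker/docker/internal/usergroup"
 "github.com/docker/docker/pkg/archive"
 "github.com/docker/docker/pkg/idtools"
 )
@@ -13,7 +14,7 @@ func (daemon *Daemon) tarCopyOptions(container *container.Container, noOverwrite
 return daemon.defaultTarCopyOptions(noOverwriteDirNonDir), nil
 }
 
-user, err := idtools.LookupUser(container.Config.User)
+user, err := usergroup.LookupUser(container.Config.User)
 if err != nil {
 return nil, err
 }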
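--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -30,6 +30,7 @@ import (
 "github.com/docker/docker/daemon/initlayer"
 "github.com/docker/docker/errdefs"
 "github.com/docker/docker/internal/nlwrap"
+"github.com/docker/docker/internal/usergroup"
 "github.com/docker/docker/libcontainerd/remote"
 "github.com/docker/docker/libnetwork"
 nwconfig "github.com/docker/docker/libnetwork/config"
@@ -1298,15 +1299,15 @@ func parseRemappedRoot(usergrp string) (string, string, error) {
 if uid, err := strconv.ParseInt(idparts[0], 10, 32); err == nil {
 // must be a uid; take it as valid
 userID = int(uid)
-luser, err := idtools.LookupUID(userID)
+luser, err := usergroup.LookupUID(userID)
 if err != nil {
 return "", "", fmt.Errorf("Uid %d has no entry in /etc/passwd: %v", userID, err)
 }
 username = luser.Name
 if len(idparts) == 1 {
 // if the uid was numeric and no gid was specified, take the uid as the gid
 groupID = userID
-lgrp, err := idtools.LookupGID(groupID)
+lgrp, err := usergroup.LookupGID(groupID)
 if err != nil {
 return "", "", fmt.Errorf("Gid %d has no entry in /etc/group: %v", groupID, err)
 }
@@ -1319,15 +1320,15 @@ func parseRemappedRoot(usergrp string) (string, string, error) {
 if lookupName == defaultIDSpecifier {
 lookupName = defaultRemappedID
 }
-luser, err := idtools.LookupUser(lookupName)
+luser, err := usergroup.LookupUser(lookupName)
 if err != nil && idparts[0] != defaultIDSpecifier {
 // error if the name requested isn't the special "dockremap" ID
 return "", "", fmt.Errorf("Error during uid lookup for %q: %v", lookupName, err)
 } else if err != nil {
 // special case-- if the username == "default", then we have been asked
 // to create a new entry pair in /etc/{passwd,group} for which the /etc/sub{uid,gid}
 // ranges will be used for the user and group mappings in user namespaced containers
-_, _, err := idtools.AddNamespaceRangesUser(defaultRemappedID)
+_, _, err := usergroup.AddNamespaceRangesUser(defaultRemappedID)
 if err == nil {
 return defaultRemappedID, defaultRemappedID, nil
 }
@@ -1336,7 +1337,7 @@ func parseRemappedRoot(usergrp string) (string, string, error) {
 username = luser.Name
 if len(idparts) == 1 {
 // we only have a string username, and no group specified; look up gid from username as group
-group, err := idtools.LookupGroup(lookupName)
+group, err := usergroup.LookupGroup(lookupName)
 if err != nil {
 return "", "", fmt.Errorf("Error during gid lookup for %q: %v", lookupName, err)
 }
@@ -1350,14 +1351,14 @@ func parseRemappedRoot(usergrp string) (string, string, error) {
 if gid, err := strconv.ParseInt(idparts[1], 10, 32); err == nil {
 // must be a gid, take it as valid
 groupID = int(gid)
-lgrp, err := idtools.LookupGID(groupID)
+lgrp, err := usergroup.LookupGID(groupID)
 if err != nil {
 return "", "", fmt.Errorf("Gid %d has no entry in /etc/passwd: %v", groupID, err)
 }
 groupname = lgrp.Name
 } else {
 // not a number; attempt a lookup
-if _, err := idtools.LookupGroup(idparts[1]); err != nil {
+if _, err := usergroup.LookupGroup(idparts[1]); err != nil {
 return "", "", fmt.Errorf("Error during groupname lookup for %q: %v", idparts[1], err)
 }
 groupname = idparts[1]
@@ -1388,7 +1389,7 @@ func setupRemappedRoot(config *config.Config) (idtools.IdentityMapping, error) {
 // update remapped root setting now that we have resolved them to actual names
 config.RemappedRoot = fmt.Sprintf("%s:%s", username, groupname)
 
-mappings, err := idtools.LoadIdentityMapping(username)
+mappings, err := usergroup.LoadIdentityMapping(username)
 if err != nil {
 return idtools.IdentityMapping{}, errors.Wrap(err, "Can't create ID mappings")
 }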
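Review bot: The error returned after the explicit-gid lookup in parseRemappedRoot (`lgrp, err := usergroup.LookupGID(groupID)` in the -1350/+1351 hunk) still says the gid has no entry in /etc/passwd, while the same lookup in the -1298/+1299 hunk reports /etc/group. Since the neighbouring line is being touched anyway, the message should name the group database: `return "", "", fmt.Errorf("Gid %d has no entry in /etc/group: %v", groupID, err)`. As written, an operator debugging a remapped-root setting is pointed at the wrong file. parseRemappedRoot starts and ends outside the hunks shown, so other messages in it were not checked.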
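--- a/daemon/listeners/group_unix.go
+++ b/daemon/listeners/group_unix.go
@@ -6,13 +6,13 @@ import (
 "fmt"
 "strconv"
 
-"github.com/docker/docker/pkg/idtools"
+"github.com/docker/docker/internal/usergroup"
 )
 
 const defaultSocketGroup = "docker"
 
 func lookupGID(name string) (int, error) {
-group, err := idtools.LookupGroup(name)
+group, err := usergroup.LookupGroup(name)
 if err == nil {
 return group.Gid, nil
 }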
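--- a/pkg/idtools/const_windows.go
+++ b/pkg/idtools/const_windows.go
@@ -0,0 +1,14 @@
+package idtools
+
+const (
+// deprecated: copy or use from elsewhere
+SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
+)
+
+const (
+// deprecated: copy or use from elsewhere
+ContainerAdministratorSidString = "S-1-5-93-2-1"
+
+// deprecated: copy or use from elsewhere
+ContainerUserSidString = "S-1-5-93-2-2"
+)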
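Review bot: The three constants in this new file carry a lowercase `// deprecated:` comment, which Go tooling does not treat as a deprecation notice; the recognised convention is a doc-comment paragraph that begins with `Deprecated:`. Each constant should get a doc comment that starts with its name and ends with that paragraph, for example `// SeTakeOwnershipPrivilege is the name of the Windows take-ownership privilege.` then `//` then `// Deprecated: copy the value or use it from elsewhere.`. Without it, importers of pkg/idtools who rely on the ContainerAdministrator and ContainerUser SID strings get no editor or linter warning that these names are going away.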
