[lxc-devel] [lxc/master] suppress false-negative error in templates and nvidia hook
lpirl on Github
lxc-bot at linuxcontainers.org
Mon Jul 22 12:44:41 UTC 2019
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 859 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190722/86941be9/attachment.bin>
-------------- next part --------------
From 16a312e118749caf1c4bef3c9553b0564336626b Mon Sep 17 00:00:00 2001
From: Lukas Pirl <git at lukas-pirl.de>
Date: Mon, 22 Jul 2019 14:29:52 +0200
Subject: [PATCH] suppress false-negative error in templates and nvidia hook
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
``/proc`` might be mounted with ``hidepid=2``.
This makes ``/proc/1/…`` appear absent for non-root users.
When using the templates or the nvidia hook as a non-root user
(e.g., when creating unprivileged containers) the error
"/proc/1/uid_map: No such file or directory" is printed.
Since the script works correctly despite the error, this error
message might be confusing for users.
Signed-off-by: Lukas Pirl <git at lukas-pirl.de>
---
hooks/nvidia | 8 ++++++--
templates/lxc-busybox.in | 7 ++++++-
templates/lxc-download.in | 7 ++++++-
templates/lxc-local.in | 9 +++++++--
templates/lxc-oci.in | 7 ++++++-
5 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/hooks/nvidia b/hooks/nvidia
index fa943e387a..c105148087 100755
--- a/hooks/nvidia
+++ b/hooks/nvidia
@@ -58,8 +58,12 @@ in_userns() {
echo $fields | grep -q " 0 1$" && { echo userns-root; return; } || true
done < /proc/self/uid_map
- [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && \
- { echo userns-root; return; }
+ if [ -e /proc/1/uid_map ]; then
+ if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+ echo userns-root
+ return
+ fi
+ fi
echo yes
}
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index c9f39872e3..2e59064408 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -42,7 +42,12 @@ in_userns() {
fi
done < /proc/self/uid_map
- [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
+ if [ -e /proc/1/uid_map ]; then
+ if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+ echo userns-root
+ return
+ fi
+ fi
echo yes
}
diff --git a/templates/lxc-download.in b/templates/lxc-download.in
index 413b85f35b..d05b995d11 100644
--- a/templates/lxc-download.in
+++ b/templates/lxc-download.in
@@ -179,7 +179,12 @@ in_userns() {
fi
done < /proc/self/uid_map
- [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
+ if [ -e /proc/1/uid_map ]; then
+ if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+ echo userns-root
+ return
+ fi
+ fi
echo yes
}
diff --git a/templates/lxc-local.in b/templates/lxc-local.in
index 552a4946de..d0d739aae6 100644
--- a/templates/lxc-local.in
+++ b/templates/lxc-local.in
@@ -51,8 +51,13 @@ in_userns() {
fi
done < /proc/self/uid_map
- [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
- echo yes
+ if [ -e /proc/1/uid_map ]; then
+ if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+ echo userns-root
+ return
+ fi
+ fi
+ echo yes
}
usage() {
diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 110d03cb62..8017c38c1e 100644
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -62,7 +62,12 @@ in_userns() {
fi
done < /proc/self/uid_map
- [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
+ if [ -e /proc/1/uid_map ]; then
+ if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+ echo userns-root
+ return
+ fi
+ fi
echo yes
}
More information about the lxc-devel
mailing list