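// Source: github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/rootless_linux.go

package main

import (
	"os"

	"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
	"github.com/opencontainers/runc/libcontainer/userns"
	"github.com/sirupsen/logrus"
	"github.com/urfave/cli"
)

// shouldUseRootlessCgroupManager reports whether the rootless cgroup manager
// should be used.
//
// The decision is taken in this order:
//  1. If context is non-nil and the global "rootless" option resolves to an
//     explicit boolean, that value is returned as-is.
//  2. A non-zero effective UID selects the rootless manager.
//  3. Effective UID 0 outside a user namespace (the real root) does not.
//  4. Effective UID 0 inside a user namespace depends on the cgroup driver,
//     as described in the body.
//
// The only error returned is the one from parseBoolOrAuto when the "rootless"
// option cannot be parsed.
func shouldUseRootlessCgroupManager(context *cli.Context) (bool, error) {
	if context != nil {
		b, err := parseBoolOrAuto(context.GlobalString("rootless"))
		if err != nil {
			return false, err
		}
		// nil b stands for "auto detect"
		if b != nil {
			return *b, nil
		}
	}
	if os.Geteuid() != 0 {
		return true, nil
	}
	if !userns.RunningInUserNS() {
		// euid == 0 , in the initial ns (i.e. the real root)
		return false, nil
	}
	// euid = 0, in a userns.
	//
	// [systemd driver]
	// We can call DetectUID() to parse the OwnerUID value from `busctl --user --no-pager status` result.
	// The value corresponds to sd_bus_creds_get_owner_uid(3).
	// If the value is 0, we have rootful systemd inside userns, so we do not need the rootless cgroup manager.
	//
	// On error, we assume we are root. An error may happen during shelling out to `busctl` CLI,
	// mostly when $DBUS_SESSION_BUS_ADDRESS is unset.
	//
	// The nil check matches the guard at the top of the function: without it, a
	// nil context reaching this point would be dereferenced. A nil context
	// falls through to the cgroupfs answer below.
	if context != nil && context.GlobalBool("systemd-cgroup") {
		ownerUID, err := systemd.DetectUID()
		if err != nil {
			// NOTE(review): a failed lookup is treated as "rootful" and is
			// reported only at debug level, so the fallback is invisible unless
			// debug logging is enabled. Behavior kept as in the original.
			logrus.WithError(err).Debug("failed to get the OwnerUID value, assuming the value to be 0")
			ownerUID = 0
		}
		return ownerUID != 0, nil
	}
	// [cgroupfs driver]
	// As we are unaware of cgroups path, we can't determine whether we have the full
	// access to the cgroups path.
	// Either way, we can safely decide to use the rootless cgroups manager.
	return true, nil
}

// shouldHonorXDGRuntimeDir reports whether $XDG_RUNTIME_DIR should be honored.
//
// It returns true for a non-zero effective UID and false for the real root
// (effective UID 0 outside a user namespace). For effective UID 0 inside a user
// namespace the answer depends on the $USER environment variable.
func shouldHonorXDGRuntimeDir() bool {
	if os.Geteuid() != 0 {
		return true
	}
	if !userns.RunningInUserNS() {
		// euid == 0 , in the initial ns (i.e. the real root)
		// in this case, we should use /run/runc and ignore
		// $XDG_RUNTIME_DIR (e.g. /run/user/0) for backward
		// compatibility.
		return false
	}
	// euid = 0, in a userns.
	//
	// $USER is read from the process environment, so it is a hint set by
	// whoever launched the process rather than a verified identity. An unset
	// $USER, or any value other than "root", means $XDG_RUNTIME_DIR is honored.
	u, ok := os.LookupEnv("USER")
	return !ok || u != "root"
}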