6f5ea7ac1a
* gnu/packages/containers.scm (podman): Update to 4.9.3. * gnu/packages/patches/podman-program-lookup.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. Change-Id: If764e8456a697d16b76cd4ba1243cc5f633a6049 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
120 lines
4.4 KiB
Diff
120 lines
4.4 KiB
Diff
From 914aed3e04f71453fbdc30f4287e13ca3ce63a36 Mon Sep 17 00:00:00 2001
|
|
From: Tomas Volf <~@wolfsden.cz>
|
|
Date: Wed, 14 Feb 2024 20:02:03 +0100
|
|
Subject: [PATCH] Modify search for binaries to fit Guix model
|
|
|
|
Podman basically looked into the $PATH and into its libexec. That does not fit
|
|
Guix's model very well, to an additional option to specify additional
|
|
directories during compilation was added.
|
|
|
|
* pkg/rootless/rootless_linux.go
|
|
(tryMappingTool): Also check /run/setuid-programs.
|
|
* vendor/github.com/containers/common/pkg/config/config.go
|
|
(extraGuixDir): New function.
|
|
(FindHelperBinary): Use it.
|
|
* vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
|
|
(guixLookupSetuidPath): New function.
|
|
(Start): Use it.
|
|
---
|
|
pkg/rootless/rootless_linux.go | 3 +++
|
|
.../containers/common/pkg/config/config.go | 23 +++++++++++++++++++
|
|
.../storage/pkg/unshare/unshare_linux.go | 14 +++++++++--
|
|
3 files changed, 38 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
|
|
index d303c8b..0191d90 100644
|
|
--- a/pkg/rootless/rootless_linux.go
|
|
+++ b/pkg/rootless/rootless_linux.go
|
|
@@ -102,6 +102,9 @@ func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) err
|
|
idtype = "setgid"
|
|
}
|
|
path, err := exec.LookPath(tool)
|
|
+ if err != nil {
|
|
+ path, err = exec.LookPath("/run/setuid-programs/" + tool)
|
|
+ }
|
|
if err != nil {
|
|
return fmt.Errorf("command required for rootless mode with multiple IDs: %w", err)
|
|
}
|
|
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
|
|
index 75b917f..ed2f131 100644
|
|
--- a/vendor/github.com/containers/common/pkg/config/config.go
|
|
+++ b/vendor/github.com/containers/common/pkg/config/config.go
|
|
@@ -1102,6 +1102,24 @@ func findBindir() string {
|
|
return bindirCached
|
|
}
|
|
|
|
+func extraGuixDir(bin_name string) string {
|
|
+ if (bin_name == "slirp4netns") {
|
|
+ return "@SLIRP4NETNS_DIR@";
|
|
+ } else if (bin_name == "pasta") {
|
|
+ return "@PASST_DIR@";
|
|
+ } else if (strings.HasPrefix(bin_name, "qemu-")) {
|
|
+ return "@QEMU_DIR@";
|
|
+ } else if (bin_name == "gvproxy") {
|
|
+ return "@GVPROXY_DIR@";
|
|
+ } else if (bin_name == "netavark") {
|
|
+ return "@NETAVARK_DIR@";
|
|
+ } else if (bin_name == "aardvark-dns") {
|
|
+ return "@AARDVARK_DNS_DIR@";
|
|
+ } else {
|
|
+ return "";
|
|
+ }
|
|
+}
|
|
+
|
|
// FindHelperBinary will search the given binary name in the configured directories.
|
|
// If searchPATH is set to true it will also search in $PATH.
|
|
func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) {
|
|
@@ -1109,6 +1127,11 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error)
|
|
bindirPath := ""
|
|
bindirSearched := false
|
|
|
|
+ if dir := extraGuixDir(name); dir != "" {
|
|
+ /* If there is a Guix dir, skip the PATH search. */
|
|
+ dirList = append([]string{dir}, dirList...)
|
|
+ }
|
|
+
|
|
// If set, search this directory first. This is used in testing.
|
|
if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found {
|
|
dirList = append([]string{dir}, dirList...)
|
|
diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
|
|
index a8dc1ba..0b0d755 100644
|
|
--- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
|
|
+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
|
|
@@ -26,6 +26,16 @@ import (
|
|
"github.com/syndtr/gocapability/capability"
|
|
)
|
|
|
|
+func guixLookupSetuidPath(prog string) (string, error) {
|
|
+ path, err := exec.LookPath(prog)
|
|
+ if err != nil {
|
|
+ path, err = exec.LookPath("/run/setuid-programs/" + prog)
|
|
+ }
|
|
+ return path, err
|
|
+}
|
|
+
|
|
+
|
|
+
|
|
// Cmd wraps an exec.Cmd created by the reexec package in unshare(), and
|
|
// handles setting ID maps and other related settings by triggering
|
|
// initialization code in the child.
|
|
@@ -237,7 +247,7 @@ func (c *Cmd) Start() error {
|
|
gidmapSet := false
|
|
// Set the GID map.
|
|
if c.UseNewgidmap {
|
|
- path, err := exec.LookPath("newgidmap")
|
|
+ path, err := guixLookupSetuidPath("newgidmap")
|
|
if err != nil {
|
|
return fmt.Errorf("finding newgidmap: %w", err)
|
|
}
|
|
@@ -297,7 +307,7 @@ func (c *Cmd) Start() error {
|
|
uidmapSet := false
|
|
// Set the UID map.
|
|
if c.UseNewuidmap {
|
|
- path, err := exec.LookPath("newuidmap")
|
|
+ path, err := guixLookupSetuidPath("newuidmap")
|
|
if err != nil {
|
|
return fmt.Errorf("finding newuidmap: %w", err)
|
|
}
|
|
--
|
|
2.41.0
|
|
|