Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only allow Rootless runs of Podman Machine #14706

Merged
merged 1 commit into from
Jun 29, 2022
Merged

Only allow Rootless runs of Podman Machine #14706

merged 1 commit into from
Jun 29, 2022

Conversation

ashley-cui
Copy link
Member

Podman Machine crashes if run as root, as we need the UID of the core user to match the UID of the user on the host. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot.

[NO NEW TESTS NEEDED]

Signed-off-by: Ashley Cui [email protected]

Does this PR introduce a user-facing change?

Allow `podman machine` to only be run rootless, as the VM refuses to boot when run as root.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 22, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ashley-cui

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 22, 2022
@ashley-cui
Copy link
Member Author

No tests because this just disables running podman machine as root. Also, wasn't sure if it was a better idea to do this with annotations or by just copying and pasting if !rootless.IsRootless() || os.Getuid() == 0 into every machine file, annotations felt cleaner so I went with that. Let me know if this is the right way.

@Luap99
Copy link
Member

Luap99 commented Jun 23, 2022

I think it would be much less code if you just add it to the PersitentPreRunE function for the machine command:

podman/cmd/podman/machine/machine.go

Line 37 in 8e88abd

PersistentPreRunE: validate.NoOp,

@giuseppe
Copy link
Member

Podman Machine crashes if run as root, as we need the UID of the core user to match the UID of the user on the host. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot.

does it mean it crashes with any UID != UID in the VM? e.g. what happens if the UID on the local system is 1001?

@ashley-cui
Copy link
Member Author

ashley-cui commented Jun 24, 2022
edited
Loading

@giuseppe We create the root user and the core user in the machine by writing the UID to the ignition file. Podman machine checks your current UID on the host and sets the core user to that UID. If we were to use podman machine as root, we end up trying to create the core user and the root user with UID 0, which causes the machine not to boot. So, the root UID != core UID in order for the machine to properly boot.

It shouldn't crash if user UID != core UID in the VM (I think..)

@ashley-cui
Copy link
Member Author

Thanks @Luap99 ! Great idea, updated

Luap99
Luap99 reviewed Jun 24, 2022
View reviewed changes
cmd/podman/machine/machine.go Outdated
@@ -162,3 +164,10 @@ func closeMachineEvents(cmd *cobra.Command, _ []string) error {
}
return nil
}

func rootlessOnly(cmd *cobra.Command, _ []string) error {
if !rootless.IsRootless() || os.Getuid() == 0 {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The getuid() check should not be needed sine it is already done in IsRootless()

Luap99
Luap99 reviewed Jun 24, 2022
View reviewed changes
Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@giuseppe
Copy link
Member

@giuseppe We create the root user and the core user in the machine by writing the UID to the ignition file. Podman machine checks your current UID on the host and sets the core user to that UID. If we were to use podman machine as root, we end up trying to create the core user and the root user with UID 0, which causes the machine not to boot. So, the root UID != core UID in order for the machine to properly boot.

It shouldn't crash if user UID != core UID in the VM (I think..)

it makes sense. Thanks for the explanation

@mheon
Copy link
Member

mheon commented Jun 24, 2022

System tests are angry

@ashley-cui
Copy link
Member Author

Hmm, okay. Looks like putting the rootless check in PersistentPreRunE for podman machine makes it so that running just podman machine without a subcommand fails with podman-machine can only be run as root, whereas the test expects the help output to be printed. I can't think of a way to get this working atm, other than putting the check back into every machine subcommand, @Luap99 Any thoughts?

@Luap99
Copy link
Member

Luap99 commented Jun 28, 2022

Hmm, okay. Looks like putting the rootless check in PersistentPreRunE for podman machine makes it so that running just podman machine without a subcommand fails with podman-machine can only be run as root, whereas the test expects the help output to be printed. I can't think of a way to get this working atm, other than putting the check back into every machine subcommand, @Luap99 Any thoughts?

Mhh, I don't think there is a way to avoid that. Code LGTM but you need to update the man pages.

@ashley-cui
Copy link
Member Author

Updated, @containers/podman-maintainers PTAL

@cdoern cdoern mentioned this pull request Jun 28, 2022
Merged
cdoern
cdoern reviewed Jun 28, 2022
View reviewed changes
Copy link
Contributor

@cdoern cdoern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you need to modify the machine tests in pkg/machine/e2e to make sure they only run as rootless?

@ashley-cui
Copy link
Member Author

@cdoern Those currently don't run in CI at all :)

@ashley-cui
Only allow Rootless runs of Podman Machine
d9ff0fd 
Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot.

[NO NEW TESTS NEEDED]

Signed-off-by: Ashley Cui <[email protected]>
@rhatdan
Copy link
Member

rhatdan commented Jun 29, 2022

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jun 29, 2022
@openshift-ci openshift-ci bot merged commit d6cdb99 into containers:main Jun 29, 2022
@n1hility n1hility mentioned this pull request Jun 30, 2022
Merged
@gbraad
Copy link
Member

gbraad commented Jul 1, 2022
edited
Loading

Unfortunately this broke podman machine on Windows. I discussed this with @n1hility and he provided a fix. Will test #14794

@ashley-cui ashley-cui deleted the rootmach branch July 15, 2022 19:27
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@cdoern cdoern cdoern left review comments

@Luap99 Luap99 Luap99 left review comments

Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@ashley-cui @Luap99 @giuseppe @mheon @rhatdan @gbraad @cdoern