Setup doesn't print false warnings

Usernames and uids are both valid keys in /etc/sub{u,g}id [#144028139] Signed-off-by: Craig Furman <[email protected]>
hpcloud · May 4, 2017 · ba5bf6d · ba5bf6d
1 parent 59066c0
commit ba5bf6d
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 7 deletions.
diff --git a/guardiancmd/setup.go b/guardiancmd/setup.go
@@ -11,6 +11,7 @@ import (
 	"code.cloudfoundry.org/idmapper"
 	"code.cloudfoundry.org/lager"
 	"github.com/cloudfoundry/gunk/command_runner/linux_command_runner"
+	"github.com/opencontainers/runc/libcontainer/user"
 )
 
 type SetupCommand struct {
@@ -47,6 +48,10 @@ func (cmd *SetupCommand) Execute(args []string) error {
 		return err
 	}
 
+	usr, err := user.LookupUid(int(cmd.RootlessForUID))
+	if err != nil && err != user.ErrNoPasswdEntries {
+		return err
+	}
 	subuidFileContents, err := ioutil.ReadFile("/etc/subuid")
 	if err != nil {
 		return err
@@ -55,10 +60,10 @@ func (cmd *SetupCommand) Execute(args []string) error {
 	if err != nil {
 		return err
 	}
-	if !sysinfo.UidCanMapExactRange(string(subuidFileContents), cmd.RootlessForUID, 0, uint32(idmapper.MustGetMaxValidUID()+1)) {
+	if !sysinfo.UidCanMapExactRange(string(subuidFileContents), usr.Name, cmd.RootlessForUID, 0, uint32(idmapper.MustGetMaxValidUID()+1)) {
 		fmt.Printf("WARNING: uid %d does not have permission to map the entire UID range\n", cmd.RootlessForUID)
 	}
-	if !sysinfo.UidCanMapExactRange(string(subgidFileContents), cmd.RootlessForUID, 0, uint32(idmapper.MustGetMaxValidGID()+1)) {
+	if !sysinfo.UidCanMapExactRange(string(subgidFileContents), usr.Name, cmd.RootlessForUID, 0, uint32(idmapper.MustGetMaxValidGID()+1)) {
 		fmt.Printf("WARNING: uid %d does not have permission to map the entire GID range\n", cmd.RootlessForUID)
 	}
 

diff --git a/sysinfo/subuid.go b/sysinfo/subuid.go
@@ -5,11 +5,14 @@ import (
 	"strings"
 )
 
-func UidCanMapExactRange(subidFileContents string, uid, subID, mapSize uint32) bool {
+func UidCanMapExactRange(subidFileContents string, username string, uid, subID, mapSize uint32) bool {
 	for _, subidEntry := range strings.Split(subidFileContents, "\n") {
 		if subidEntry == fmt.Sprintf("%d:%d:%d", uid, subID, mapSize) {
 			return true
 		}
+		if subidEntry == fmt.Sprintf("%s:%d:%d", username, subID, mapSize) {
+			return true
+		}
 	}
 
 	return false

diff --git a/sysinfo/subuid_test.go b/sysinfo/subuid_test.go
@@ -10,28 +10,35 @@ var _ = Describe("UidCanMapRange", func() {
 	Context("when the uid can map the exact provided range", func() {
 		It("returns true", func() {
 			subidFileContents := "1000:0:10\n"
-			Expect(sysinfo.UidCanMapExactRange(subidFileContents, 1000, 0, 10)).To(BeTrue())
+			Expect(sysinfo.UidCanMapExactRange(subidFileContents, "frank", 1000, 0, 10)).To(BeTrue())
+		})
+	})
+
+	Context("when the username can map the exact provided range", func() {
+		It("returns true", func() {
+			subidFileContents := "frank:0:10\n"
+			Expect(sysinfo.UidCanMapExactRange(subidFileContents, "frank", 1000, 0, 10)).To(BeTrue())
 		})
 	})
 
 	Context("when the uid can map some of the provided range", func() {
 		It("returns false", func() {
 			subidFileContents := "1000:0:10\n"
-			Expect(sysinfo.UidCanMapExactRange(subidFileContents, 1000, 0, 9)).To(BeFalse())
+			Expect(sysinfo.UidCanMapExactRange(subidFileContents, "frank", 1000, 0, 9)).To(BeFalse())
 		})
 	})
 
 	Context("when the uid can't map the desired range", func() {
 		It("returns false", func() {
 			subidFileContents := "1000:0:9\n"
-			Expect(sysinfo.UidCanMapExactRange(subidFileContents, 1000, 0, 10)).To(BeFalse())
+			Expect(sysinfo.UidCanMapExactRange(subidFileContents, "frank", 1000, 0, 10)).To(BeFalse())
 		})
 	})
 
 	Context("when the uid is not found in the subid file", func() {
 		It("returns false", func() {
 			subidFileContents := "1001:0:11\n"
-			Expect(sysinfo.UidCanMapExactRange(subidFileContents, 1000, 0, 10)).To(BeFalse())
+			Expect(sysinfo.UidCanMapExactRange(subidFileContents, "frank", 1000, 0, 10)).To(BeFalse())
 		})
 	})
 })