author | Valery Piashchynski <[email protected]> | 2020-09-01 20:35:42 +0300 |
---|---|---|
committer | Valery Piashchynski <[email protected]> | 2020-09-01 20:35:42 +0300 |
commit | cff3ba139193c9f2ebcf8220df2a6ac401c55e9b (patch) | |
tree | b86f877d0bd666d9c214a77d0aa83ed931b9640e | |
parent | 9103939fa98de53170d2bf0e8cd74529786d7ab2 (diff) |
Add namespaces check to the ExecuteFromUser
-rw-r--r-- | osutil/isolate.go | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/osutil/isolate.go b/osutil/isolate.go index 387df905..62144d13 100644 --- a/osutil/isolate.go +++ b/osutil/isolate.go @@ -3,6 +3,8 @@ package osutil import ( + "fmt" + "os" "os/exec" "os/user" "strconv" @@ -30,6 +32,17 @@ func ExecuteFromUser(cmd *exec.Cmd, u string) error { return err } + if _, err := os.Stat("/proc/self/ns/user"); err != nil { + if os.IsNotExist(err) { + return fmt.Errorf("kernel doesn't support user namespaces") + } + if os.IsPermission(err) { + return fmt.Errorf("unable to test user namespaces due to permissions") + } + + return fmt.Errorf("failed to stat /proc/self/ns/user: %v", err) + } + cmd.SysProcAttr.Credential = &syscall.Credential{ Uid: uint32(usrI32), Gid: uint32(grI32), |
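Review bot: The `os.IsNotExist` branch of the new `/proc/self/ns/user` check returns "kernel doesn't support user namespaces", but the same error comes back when procfs is not mounted or is masked inside a sandbox, so the message can point an operator at the wrong cause. The stat also proves only that the namespace file exists, not that the process may switch to the target uid/gid. The visible lines set only `SysProcAttr.Credential`, which as far as this hunk shows does not depend on a user namespace, so the check may reject hosts where the credential switch would have worked. I would add a comment above the check stating what it is meant to guarantee, e.g. `// /proc/self/ns/user present => kernel has user-namespace support; it does not prove we may setuid/setgid`, and keep the cause in the last branch with `return fmt.Errorf("stat /proc/self/ns/user: %w", err)` so callers can still use `errors.Is`. ExecuteFromUser starts and ends outside the hunk, so whether a user namespace is requested elsewhere in the function cannot be confirmed from here.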