示例#1
0
func (b *STI) checkNoRoot(config *api.Config) error {
	if !config.NoRoot {
		return nil
	}
	user, err := b.docker.GetImageUser(config.BuilderImage)
	if err != nil {
		return err
	}
	if util.IsPotentialRootUser(user) {
		return fmt.Errorf("image %q must specify a user that is numeric and not equal to 0", config.BuilderImage)
	}
	return nil
}
示例#2
0
文件: sti.go 项目: lynxnathan/origin
func (b *STI) checkNoRoot(config *api.Config) error {
	if !config.NoRoot {
		return nil
	}
	user, err := b.docker.GetImageUser(config.BuilderImage)
	if err != nil {
		return err
	}
	if util.IsPotentialRootUser(user) {
		return errors.NewBuilderRootNotAllowedError(config.BuilderImage, false)
	}
	return nil
}
示例#3
0
func (b *OnBuild) checkNoRoot(config *api.Config) error {
	if !config.NoRoot {
		return nil
	}
	user, err := b.docker.GetImageUser(config.BuilderImage)
	if err != nil {
		return err
	}
	if util.IsPotentialRootUser(user) {
		return fmt.Errorf("image %q must specify a user that is numeric and not equal to 0", config.BuilderImage)
	}
	cmds, err := b.docker.GetOnBuild(config.BuilderImage)
	if err != nil {
		return err
	}
	if util.IncludesRootUserDirective(cmds) {
		return fmt.Errorf("image %q includes at least one ONBUILD instruction that sets the user to a non-numeric user or to user 0", config.BuilderImage)
	}
	return nil

}
示例#4
0
func (b *OnBuild) checkNoRoot(config *api.Config) error {
	if !config.NoRoot {
		return nil
	}
	user, err := b.docker.GetImageUser(config.BuilderImage)
	if err != nil {
		return err
	}
	if util.IsPotentialRootUser(user) {
		return errors.NewBuilderRootNotAllowedError(config.BuilderImage, false)
	}
	cmds, err := b.docker.GetOnBuild(config.BuilderImage)
	if err != nil {
		return err
	}
	if util.IncludesRootUserDirective(cmds) {
		return errors.NewBuilderRootNotAllowedError(config.BuilderImage, true)
	}
	return nil

}