m/node: enable user namespaces in K8s
This enables the two feature gates for user namespace support in K8s.
We did not previously have a passwd file which caused Go's UserLookup
to fail with an unexpected error. Add an mostly-empty placeholder file
to placate it.
Change-Id: I71a7a6dc889a289512075a25b7e551f2cd65ffb6
Reviewed-on: https://review.monogon.dev/c/monogon/+/3665
Reviewed-by: Tim Windelschmidt <tim@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/test/e2e/preseedtest/main.go b/metropolis/test/e2e/preseedtest/main.go
index a44377f..77fcba6 100644
--- a/metropolis/test/e2e/preseedtest/main.go
+++ b/metropolis/test/e2e/preseedtest/main.go
@@ -19,6 +19,9 @@
import (
"fmt"
"net/http"
+ "os"
+ "strconv"
+ "strings"
)
func main() {
@@ -26,6 +29,28 @@
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello world from preseeded image\n")
})
+ http.HandleFunc("/ready_userns", func(w http.ResponseWriter, r *http.Request) {
+ uidMapRaw, err := os.ReadFile("/proc/self/uid_map")
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ uidMapFields := strings.Fields(string(uidMapRaw))
+ if len(uidMapFields) != 3 {
+ http.Error(w, fmt.Sprintf("Bad uid_map contents, not 3 fields: %q", string(uidMapRaw)), http.StatusInternalServerError)
+ return
+ }
+ startId, err := strconv.ParseUint(uidMapFields[1], 10, 64)
+ if err != nil {
+ http.Error(w, fmt.Sprintf("while parsing start ID: %v", err), http.StatusInternalServerError)
+ return
+ }
+ if startId == 0 {
+ http.Error(w, "Not in a non-initial user namespace, UID space starts at 0", http.StatusInternalServerError)
+ return
+ }
+ fmt.Fprintf(w, "Hello world from a user namespace\n")
+ })
err := http.ListenAndServe(":80", nil)
if err != nil {
fmt.Printf("Serve failed: %v\n", err)