I want to access directories on the host system from inside a rootless podman container.
When using external volumes with podman rootless containers, the user who accesses the external volumes has a subuid and subgid of the user who invoked podman. Which user id depends on the sub-id range of the invoking user and the internal user in the OCI container. The only way I found to give this sub-user access to external volumes (besides just making the folder writable by everyone on the host system) is to chown the directory directly to that sub-user id. Is there a better way to do this which does not involve me manually checking /etc/subgid and also the user in the container?
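
How the host-side id follows from the sub-id range and the container user, as an added example that is not part of the original question. It assumes rootless podman's default user-namespace mapping (no `--uidmap` or `--userns` overrides); `host_id_for` is a hypothetical helper name and the sub-id entries are constructed sample data.

```shell
#!/bin/sh
# Map a container UID (or GID) to the host id under rootless podman's
# default user-namespace mapping (assumption: no --uidmap/--userns overrides):
#   container id 0   -> the invoking user's own id
#   container id n>0 -> entry n-1 of the user's sub-id ranges, in file order
#
# usage: host_id_for SUBID_FILE USER OWN_ID CONTAINER_ID
# host_id_for is a hypothetical helper, not a podman command. Pass
# /etc/subuid with the user's UID, or /etc/subgid with the user's GID.
host_id_for() {
    subid_file=$1; user=$2; own_id=$3; cid=$4
    if [ "$cid" -eq 0 ]; then
        printf '%s\n' "$own_id"
        return 0
    fi
    awk -F: -v user="$user" -v want="$((cid - 1))" '
        $1 == user {
            # Each line is name:start:count; ranges are concatenated in order.
            if (want < seen + $3) { print $2 + want - seen; found = 1; exit }
            seen += $3
        }
        END { if (!found) exit 1 }   # id lies outside every allocated range
    ' "$subid_file"
}

# Constructed sample in /etc/subuid format (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:100000:65536
dax:165536:1000
dax:300000:64536
EOF

host_id_for "$sample" dax 1000 0      # container root
host_id_for "$sample" dax 1000 33     # an unprivileged user inside the image
host_id_for "$sample" dax 1000 1500   # falls into the second range
```

The printed value is the numeric owner a bind-mounted directory needs on the host for that container user to own it; a non-zero exit status means the container id has no mapping in the user's ranges.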
I'm trying to print out the binary buffers of some read() and write() calls with dtrace. The problem with just using printf() and %s is that the string is terminated at null bytes (\000). There is also tracemem(), but it can only print out fixed-size buffers, and I'd like to get the size of the buffer out of the size argument of the read and write function calls. Moreover, the output of dtrace should be machine-readable, and tracemem() is not. My current approach looks like this:
syscall::write:return,
syscall::write_nocancel:return,
syscall::read:return,
syscall::read_nocancel:return
/self->start != 0 && arg0 != -1/
{
    this->content = (char*) copyin(self->arg1,arg0);
    printf("%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
        this->content[0], this->content[1], this->content[2], this->content[3], this->content[4], this->content[5], this->content[6], this->content[7],
        this->content[8], this->content[9], this->content[10], this->content[11], this->content[12], this->content[13], this->content[14], this->content[15],
        this->content[16], this->content[17], this->content[18], this->content[19], this->content[20], this->content[21], this->content[22], this->content[23],
        this->content[24], this->content[25], this->content[26], this->content[27], this->content[28], this->content[29], this->content[30], this->content[31],
        this->content[32], this->content[33], this->content[34], this->content[35], this->content[36], this->content[37], this->content[38], this->content[39],
        this->content[40], this->content[41], this->content[42], this->content[43], this->content[44], this->content[45], this->content[46], this->content[47],
        this->content[48], this->content[49], this->content[50], this->content[51], this->content[52], this->content[53], this->content[54], this->content[55],
        this->content[56], this->content[57], this->content[58], this->content[59], this->content[60], this->content[61], this->content[62], this->content[63]);
}
This kind of works if the read() or write() command never uses more than 64 bytes. Of course, this is not an optimal solution.
Any ideas?