authorGiuseppe Scrivano <gscrivan@redhat.com>2020-04-24 15:37:31 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2020-04-24 15:55:38 +0200
commit88f1994ab9a0bf3a8df3c8f74a39cd1db27c2070 (patch)
tree0cbd25a81bc2874613658dfe26db08db61d45795
parent64d8b4eebb01c6647b0588475c785cdd075389d3 (diff)
podman: assume user namespace if there are mappings
if some mappings are specified, assume there is a private user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--cmd/podman/common/specgen.go7
-rw-r--r--pkg/namespaces/namespaces.go7
-rw-r--r--test/e2e/run_userns_test.go1
3 files changed, 12 insertions, 3 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index ce91e0b2e..ed45a6595 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -209,10 +209,15 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
}
}
- s.IDMappings, err = util.ParseIDMapping(ns.UsernsMode(c.UserNS), c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName)
+ userNS := ns.UsernsMode(c.UserNS)
+ s.IDMappings, err = util.ParseIDMapping(userNS, c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName)
if err != nil {
return err
}
+ // If some mappings are specified, assume a private user namespace
+ if userNS.IsDefaultValue() && (!s.IDMappings.HostUIDMapping || !s.IDMappings.HostGIDMapping) {
+ s.UserNS.NSMode = specgen.Private
+ }
s.Terminal = c.TTY
ep, err := ExposedPorts(c.Expose, c.Net.PublishPorts, c.PublishAll, nil)
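Review bot: The block added after the `ParseIDMapping` error check only acts when the mode is the default, so an explicit non-default mode such as `host` combined with `--uidmap`/`--gidmap` is left entirely to `util.ParseIDMapping`, which is not visible in this hunk. If that combination is not rejected there, the requested mappings would presumably go unused and the container would keep host IDs without any error, which is the opposite of the isolation the caller asked for. Either return an error for that case here or state the limit in the comment, e.g. `// Mappings given without an explicit --userns imply a private user namespace; explicit modes are left as requested.` The override also writes only `s.UserNS.NSMode`, so it is worth confirming that nothing later in `FillOutSpecGen`, whose body starts and ends outside the hunk, reassigns `s.UserNS`.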
diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go
index 2cb3c3f20..2ffbde977 100644
--- a/pkg/namespaces/namespaces.go
+++ b/pkg/namespaces/namespaces.go
@@ -31,7 +31,7 @@ func (n CgroupMode) IsHost() bool {
// IsDefaultValue indicates whether the cgroup namespace has the default value.
func (n CgroupMode) IsDefaultValue() bool {
- return n == ""
+ return n == "" || n == defaultType
}
// IsNS indicates a cgroup namespace passed in by path (ns:<path>)
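Review bot: The change to `CgroupMode.IsDefaultValue` is not mentioned in the commit message, yet it widens what existing callers treat as default: a mode equal to `defaultType` now takes the same path as an empty string. The doc comment should name both accepted values, e.g. `// IsDefaultValue reports whether the cgroup namespace mode is unset ("") or equal to defaultType.`, and the same wording fits the new `UsernsMode.IsDefaultValue` in the next hunk. `defaultType` is declared outside these hunks, so its value cannot be checked from here.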
@@ -102,6 +102,11 @@ func (n UsernsMode) IsAuto() bool {
return parts[0] == "auto"
}
+// IsDefaultValue indicates whether the user namespace has the default value.
+func (n UsernsMode) IsDefaultValue() bool {
+ return n == "" || n == defaultType
+}
+
// GetAutoOptions returns a AutoUserNsOptions with the settings to setup automatically
// a user namespace.
func (n UsernsMode) GetAutoOptions() (*storage.AutoUserNsOptions, error) {
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index d4b4f9024..25f12ec2e 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
@@ -218,7 +218,6 @@ var _ = Describe("Podman UserNS support", func() {
})
It("podman --userns=container:CTR", func() {
- Skip(v2fail)
ctrName := "userns-ctr"
session := podmanTest.Podman([]string{"run", "-d", "--uidmap=0:0:1", "--uidmap=1:1:4998", "--name", ctrName, "alpine", "top"})
session.WaitWithDefaultTimeout()