rootless: fix --pid=host without --privileged

When using --pid=host don't try to cover /proc paths, as they are
coming from the /proc bind mounted from the host.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 9ef0223f2..46105af4a 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -376,6 +376,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 }
 
 func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
+	if config.PidMode.IsHost() && rootless.IsRootless() {
+		return
+	}
+
 	if !config.Privileged {
 		for _, mp := range []string{
 			"/proc/acpi",
diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go
index 8e9f9fc8d..e9606f859 100644
--- a/test/e2e/rootless_test.go
+++ b/test/e2e/rootless_test.go
@@ -274,6 +274,10 @@ var _ = Describe("Podman rootless", func() {
 		runRootlessHelper([]string{"--net", "host"})
 	})
 
+	It("podman rootless rootfs --pid host", func() {
+		runRootlessHelper([]string{"--pid", "host"})
+	})
+
 	It("podman rootless rootfs --privileged", func() {
 		runRootlessHelper([]string{"--privileged"})
 	})