diff options
author | Giuseppe Scrivano <giuseppe@scrivano.org> | 2020-09-10 00:19:39 +0200 |
---|---|---|
committer | Giuseppe Scrivano <giuseppe@scrivano.org> | 2020-09-10 19:17:01 +0200 |
commit | 686f6eccee0c20e1dc0789bde76a38cba7535e8e (patch) | |
tree | e773df0738d922980c806941e2404f5f3473d2f8 | |
parent | e1b47296daaf4148d9970b59757a86e71bf8bb10 (diff) | |
download | podman-686f6eccee0c20e1dc0789bde76a38cba7535e8e.tar.gz podman-686f6eccee0c20e1dc0789bde76a38cba7535e8e.tar.bz2 podman-686f6eccee0c20e1dc0789bde76a38cba7535e8e.zip |
libpod: read mappings when joining a container userns
when joining an existing container user namespace, read the existing
mappings so the storage can be created with the correct ownership.
Closes: https://github.com/containers/podman/issues/7547
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
-rw-r--r-- | libpod/container_internal.go | 2 | ||||
-rw-r--r-- | libpod/options.go | 12 | ||||
-rw-r--r-- | test/e2e/run_userns_test.go | 7 |
3 files changed, 21 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index c41d81a2b..040da368d 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -380,6 +380,8 @@ func (c *Container) setupStorageMapping(dest, from *storage.IDMappingOptions) { } dest.GIDMap = append(dest.GIDMap, g) } + dest.HostUIDMapping = false + dest.HostGIDMapping = false } } diff --git a/libpod/options.go b/libpod/options.go index dccbb8741..7eec530ea 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -18,6 +18,7 @@ import ( "github.com/containers/storage" "github.com/containers/storage/pkg/idtools" "github.com/cri-o/ocicni/pkg/ocicni" + "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -897,6 +898,17 @@ func WithUserNSFrom(nsCtr *Container) CtrCreateOption { ctr.config.UserNsCtr = nsCtr.ID() ctr.config.IDMappings = nsCtr.config.IDMappings + g := generate.NewFromSpec(ctr.config.Spec) + + g.ClearLinuxUIDMappings() + for _, uidmap := range nsCtr.config.IDMappings.UIDMap { + g.AddLinuxUIDMapping(uint32(uidmap.HostID), uint32(uidmap.ContainerID), uint32(uidmap.Size)) + } + g.ClearLinuxGIDMappings() + for _, gidmap := range nsCtr.config.IDMappings.GIDMap { + g.AddLinuxGIDMapping(uint32(gidmap.HostID), uint32(gidmap.ContainerID), uint32(gidmap.Size)) + } + ctr.config.IDMappings = nsCtr.config.IDMappings return nil } } diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index 25f8d0d15..8d860cfc3 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -277,6 +277,13 @@ var _ = Describe("Podman UserNS support", func() { ok, _ := session.GrepString("4998") Expect(ok).To(BeTrue()) + + session = podmanTest.Podman([]string{"run", "--rm", "--userns=container:" + ctrName, "--net=container:" + ctrName, "alpine", "cat", "/proc/self/uid_map"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + ok, _ = session.GrepString("4998") + Expect(ok).To(BeTrue()) }) It("podman --user with volume", func() { |