authorGiuseppe Scrivano <giuseppe@scrivano.org>2020-09-10 00:19:39 +0200
committerGiuseppe Scrivano <giuseppe@scrivano.org>2020-09-10 19:17:01 +0200
commit686f6eccee0c20e1dc0789bde76a38cba7535e8e (patch)
treee773df0738d922980c806941e2404f5f3473d2f8
parente1b47296daaf4148d9970b59757a86e71bf8bb10 (diff)
libpod: read mappings when joining a container userns
when joining an existing container user namespace, read the existing mappings so the storage can be created with the correct ownership. Closes: https://github.com/containers/podman/issues/7547 Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
-rw-r--r--libpod/container_internal.go2
-rw-r--r--libpod/options.go12
-rw-r--r--test/e2e/run_userns_test.go7
3 files changed, 21 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index c41d81a2b..040da368d 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -380,6 +380,8 @@ func (c *Container) setupStorageMapping(dest, from *storage.IDMappingOptions) {
}
dest.GIDMap = append(dest.GIDMap, g)
}
+ dest.HostUIDMapping = false
+ dest.HostGIDMapping = false
}
}
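Review bot: The two added assignments clear `HostUIDMapping` and `HostGIDMapping` unconditionally at the end of this branch, whether or not the loops above appended any mapping. If the branch can run with empty mapping lists in the spec (not visible from this hunk), storage would be told that host mapping is off while `UIDMap`/`GIDMap` are also empty. One option is to derive the flags from the result, e.g. `dest.HostUIDMapping = len(dest.UIDMap) == 0`. A short comment such as `// mappings were copied from the spec, so storage must not fall back to host IDs` would also record why the flags are reset. The body of setupStorageMapping starts outside the hunk.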
diff --git a/libpod/options.go b/libpod/options.go
index dccbb8741..7eec530ea 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -18,6 +18,7 @@ import (
"github.com/containers/storage"
"github.com/containers/storage/pkg/idtools"
"github.com/cri-o/ocicni/pkg/ocicni"
+ "github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -897,6 +898,17 @@ func WithUserNSFrom(nsCtr *Container) CtrCreateOption {
ctr.config.UserNsCtr = nsCtr.ID()
ctr.config.IDMappings = nsCtr.config.IDMappings
+ g := generate.NewFromSpec(ctr.config.Spec)
+
+ g.ClearLinuxUIDMappings()
+ for _, uidmap := range nsCtr.config.IDMappings.UIDMap {
+ g.AddLinuxUIDMapping(uint32(uidmap.HostID), uint32(uidmap.ContainerID), uint32(uidmap.Size))
+ }
+ g.ClearLinuxGIDMappings()
+ for _, gidmap := range nsCtr.config.IDMappings.GIDMap {
+ g.AddLinuxGIDMapping(uint32(gidmap.HostID), uint32(gidmap.ContainerID), uint32(gidmap.Size))
+ }
+ ctr.config.IDMappings = nsCtr.config.IDMappings
return nil
}
}
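Review bot: The `uint32(...)` conversions in both loops narrow `HostID`, `ContainerID` and `Size` without a range check, so a negative or oversized value in the source container's `IDMappings` would silently wrap into a different ID range in the generated spec (assuming these fields are plain `int`, as the casts suggest). These mappings decide which host IDs the joined namespace and its storage are owned by, so a guard before each add call is worth having, e.g. `if uidmap.HostID < 0 || uidmap.ContainerID < 0 || uidmap.Size <= 0 { return errors.Errorf("invalid UID mapping %v", uidmap) }`, and the same for the GID loop. Separately, the trailing `ctr.config.IDMappings = nsCtr.config.IDMappings` repeats the assignment made just before `generate.NewFromSpec` and can be dropped. The option closure starts above the hunk.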
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index 25f8d0d15..8d860cfc3 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
@@ -277,6 +277,13 @@ var _ = Describe("Podman UserNS support", func() {
ok, _ := session.GrepString("4998")
Expect(ok).To(BeTrue())
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--userns=container:" + ctrName, "--net=container:" + ctrName, "alpine", "cat", "/proc/self/uid_map"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ ok, _ = session.GrepString("4998")
+ Expect(ok).To(BeTrue())
})
It("podman --user with volume", func() {
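Review bot: The added assertion only reads `/proc/self/uid_map`, while the commit copies both UID and GID mappings, so a regression in the GID path would still pass this test. A second run with `cat /proc/self/gid_map` and its own expectation would cover it. `GrepString("4998")` is also a substring match with its error discarded (`ok, _ =`), so any field that merely contains those digits satisfies it; comparing the output against the `uid_map` content read from the first container would make the check exact.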