summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2020-12-22 16:32:04 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2020-12-24 13:39:15 +0100
commit64571ea0a4e70006c727c652b20cdda847b9af29 (patch)
treeb7980607b8da9a647c2a29e9e3a949a6e5b3ce15
parent231c528a4db9d312bd43b2ce15017e734349a12f (diff)
downloadpodman-64571ea0a4e70006c727c652b20cdda847b9af29.tar.gz
podman-64571ea0a4e70006c727c652b20cdda847b9af29.tar.bz2
podman-64571ea0a4e70006c727c652b20cdda847b9af29.zip
libpod: handle single user mapped as root
if a single user is mapped in the user namespace, handle it as root. It is needed for running unprivileged containers with a single user available without being forced to run with euid and egid set to 0. Needs: https://github.com/containers/storage/pull/794 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--libpod/container.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 96a21736c..58bf95470 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -1012,6 +1012,9 @@ func (c *Container) IDMappings() (storage.IDMappingOptions, error) {
// RootUID returns the root user mapping from container
func (c *Container) RootUID() int {
+ if len(c.config.IDMappings.UIDMap) == 1 && c.config.IDMappings.UIDMap[0].Size == 1 {
+ return c.config.IDMappings.UIDMap[0].HostID
+ }
for _, uidmap := range c.config.IDMappings.UIDMap {
if uidmap.ContainerID == 0 {
return uidmap.HostID
@@ -1022,6 +1025,9 @@ func (c *Container) RootUID() int {
// RootGID returns the root user mapping from container
func (c *Container) RootGID() int {
+ if len(c.config.IDMappings.GIDMap) == 1 && c.config.IDMappings.GIDMap[0].Size == 1 {
+ return c.config.IDMappings.GIDMap[0].HostID
+ }
for _, gidmap := range c.config.IDMappings.GIDMap {
if gidmap.ContainerID == 0 {
return gidmap.HostID