diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-12-22 16:32:04 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-12-24 13:39:15 +0100 |
commit | 64571ea0a4e70006c727c652b20cdda847b9af29 (patch) | |
tree | b7980607b8da9a647c2a29e9e3a949a6e5b3ce15 | |
parent | 231c528a4db9d312bd43b2ce15017e734349a12f (diff) | |
download | podman-64571ea0a4e70006c727c652b20cdda847b9af29.tar.gz podman-64571ea0a4e70006c727c652b20cdda847b9af29.tar.bz2 podman-64571ea0a4e70006c727c652b20cdda847b9af29.zip |
libpod: handle single user mapped as root
if a single user is mapped in the user namespace, handle it as root.
It is needed for running unprivileged containers with a single user
available without being forced to run with euid and egid set to 0.
Needs: https://github.com/containers/storage/pull/794
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r-- | libpod/container.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/libpod/container.go b/libpod/container.go index 96a21736c..58bf95470 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -1012,6 +1012,9 @@ func (c *Container) IDMappings() (storage.IDMappingOptions, error) { // RootUID returns the root user mapping from container func (c *Container) RootUID() int { + if len(c.config.IDMappings.UIDMap) == 1 && c.config.IDMappings.UIDMap[0].Size == 1 { + return c.config.IDMappings.UIDMap[0].HostID + } for _, uidmap := range c.config.IDMappings.UIDMap { if uidmap.ContainerID == 0 { return uidmap.HostID @@ -1022,6 +1025,9 @@ func (c *Container) RootUID() int { // RootGID returns the root user mapping from container func (c *Container) RootGID() int { + if len(c.config.IDMappings.GIDMap) == 1 && c.config.IDMappings.GIDMap[0].Size == 1 { + return c.config.IDMappings.GIDMap[0].HostID + } for _, gidmap := range c.config.IDMappings.GIDMap { if gidmap.ContainerID == 0 { return gidmap.HostID |