diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-04-24 15:37:31 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-04-24 15:55:38 +0200 |
commit | 88f1994ab9a0bf3a8df3c8f74a39cd1db27c2070 (patch) | |
tree | 0cbd25a81bc2874613658dfe26db08db61d45795 | |
parent | 64d8b4eebb01c6647b0588475c785cdd075389d3 (diff) | |
download | podman-88f1994ab9a0bf3a8df3c8f74a39cd1db27c2070.tar.gz podman-88f1994ab9a0bf3a8df3c8f74a39cd1db27c2070.tar.bz2 podman-88f1994ab9a0bf3a8df3c8f74a39cd1db27c2070.zip |
podman: assume user namespace if there are mappings
if some mappings are specified, assume there is a private user
namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r-- | cmd/podman/common/specgen.go | 7 | ||||
-rw-r--r-- | pkg/namespaces/namespaces.go | 7 | ||||
-rw-r--r-- | test/e2e/run_userns_test.go | 1 |
3 files changed, 12 insertions, 3 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index ce91e0b2e..ed45a6595 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -209,10 +209,15 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string } } - s.IDMappings, err = util.ParseIDMapping(ns.UsernsMode(c.UserNS), c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName) + userNS := ns.UsernsMode(c.UserNS) + s.IDMappings, err = util.ParseIDMapping(userNS, c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName) if err != nil { return err } + // If some mappings are specified, assume a private user namespace + if userNS.IsDefaultValue() && (!s.IDMappings.HostUIDMapping || !s.IDMappings.HostGIDMapping) { + s.UserNS.NSMode = specgen.Private + } s.Terminal = c.TTY ep, err := ExposedPorts(c.Expose, c.Net.PublishPorts, c.PublishAll, nil) diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go index 2cb3c3f20..2ffbde977 100644 --- a/pkg/namespaces/namespaces.go +++ b/pkg/namespaces/namespaces.go @@ -31,7 +31,7 @@ func (n CgroupMode) IsHost() bool { // IsDefaultValue indicates whether the cgroup namespace has the default value. func (n CgroupMode) IsDefaultValue() bool { - return n == "" + return n == "" || n == defaultType } // IsNS indicates a cgroup namespace passed in by path (ns:<path>) @@ -102,6 +102,11 @@ func (n UsernsMode) IsAuto() bool { return parts[0] == "auto" } +// IsDefaultValue indicates whether the user namespace has the default value. +func (n UsernsMode) IsDefaultValue() bool { + return n == "" || n == defaultType +} + // GetAutoOptions returns a AutoUserNsOptions with the settings to setup automatically // a user namespace. func (n UsernsMode) GetAutoOptions() (*storage.AutoUserNsOptions, error) { diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index d4b4f9024..25f12ec2e 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -218,7 +218,6 @@ var _ = Describe("Podman UserNS support", func() { }) It("podman --userns=container:CTR", func() { - Skip(v2fail) ctrName := "userns-ctr" session := podmanTest.Podman([]string{"run", "-d", "--uidmap=0:0:1", "--uidmap=1:1:4998", "--name", ctrName, "alpine", "top"}) session.WaitWithDefaultTimeout() |