diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-05-18 08:51:01 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-18 08:51:01 -0400 |
commit | 12d30e63f055d904277c647a4ddbf406e28883f9 (patch) | |
tree | 88e9ebcc54e229fb205cdf751f469ded91ccbecc | |
parent | 1cb638c1bc5506283ea585b6826df7bb48a78b1a (diff) | |
parent | fe29196ba888f2dc030c7f004edf00cd7e15dd0e (diff) | |
download | podman-12d30e63f055d904277c647a4ddbf406e28883f9.tar.gz podman-12d30e63f055d904277c647a4ddbf406e28883f9.tar.bz2 podman-12d30e63f055d904277c647a4ddbf406e28883f9.zip |
Merge pull request #14280 from vrothberg/4.1-backport
[v4.1] [BZ #2083997] pod: build pause image in custom user NS
-rw-r--r-- | pkg/specgen/generate/pod_create.go | 6 | ||||
-rw-r--r-- | test/system/170-run-userns.bats | 13 |
2 files changed, 19 insertions, 0 deletions
diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go index a3408b402..83730e657 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go @@ -58,6 +58,12 @@ ENTRYPOINT ["/catatonit", "-P"]`, catatonitPath) Quiet: true, IgnoreFile: "/dev/null", // makes sure to not read a local .ignorefile (see #13529) IIDFile: "/dev/null", // prevents Buildah from writing the ID on stdout + IDMappingOptions: &buildahDefine.IDMappingOptions{ + // Use the host UID/GID mappings for the build to avoid issues when + // running with a custom mapping (BZ #2083997). + HostUIDMapping: true, + HostGIDMapping: true, + }, } if _, _, err := rt.Build(context.Background(), buildOptions, tmpF.Name()); err != nil { return "", err diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index d754306b2..b80351902 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -36,6 +36,19 @@ function _require_crun() { is "$output" ".*457" "Check group leaked into container" } +@test "rootful pod with custom ID mapping" { + skip_if_rootless "does not work rootless - rootful feature" + skip_if_remote "remote --uidmap is broken (see #14233)" + random_pod_name=$(random_string 30) + run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name + run_podman pod start $random_pod_name + + # Remove the pod and the pause image + run_podman pod rm $random_pod_name + run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" + run_podman rmi -f localhost/podman-pause:$output +} + @test "podman --remote --group-add keep-groups " { if is_remote; then run_podman 125 run --rm --group-add keep-groups $IMAGE id |