author cdoern <cbdoer23@g.holycross.edu> 2022-05-13 16:04:13 -0400
committer Matthew Heon <mheon@redhat.com> 2022-06-14 16:12:10 -0400
commit 4c52debba2ec4807b57deb704cb8cea941a09be3
tree ad597173382a186219a6ca3678c5f7ad10937c14
parent 74056bdfc24f83843efce276a61c871dff4b6bba
podman pod create --uidmap patch
podman's remote API does not marshal infra's spec due to the fact that if it did, all of those options would be available to the users on the command line. This means we need to manually map "backwards" some container spec items -> pod spec items before calling PodCreate. This was one of them that was forgotten.

resolves #14233

Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
-rw-r--r-- pkg/specgen/podspecgen.go 5
-rw-r--r-- test/system/170-run-userns.bats 4
2 files changed, 8 insertions, 1 deletions
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index 759caa0c0..ad9414f67 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -4,6 +4,7 @@ import (
"net"
"github.com/containers/common/libnetwork/types"
+ storageTypes "github.com/containers/storage/types"
spec "github.com/opencontainers/runtime-spec/specs-go"
)
@@ -217,6 +218,10 @@ type PodResourceConfig struct {
type PodSecurityConfig struct {
SecurityOpt []string `json:"security_opt,omitempty"`
+ // IDMappings are UID and GID mappings that will be used by user
+ // namespaces.
+ // Required if UserNS is private.
+ IDMappings *storageTypes.IDMappingOptions `json:"idmappings,omitempty"`
}
// NewPodSpecGenerator creates a new pod spec
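Review bot: The doc comment on the new IDMappings field says "Required if UserNS is private", but the field is a nil-able pointer tagged `omitempty` and nothing in this hunk enforces that requirement. Either point the comment at the validation that rejects a private user namespace with nil IDMappings, or reword it so it does not promise a check that a reader cannot find here. It is also worth stating in the comment that this field exists so the infra container's mapping can be carried on the pod spec, since the commit message describes a manual "backwards" mapping and this patch only adds the field that receives it.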
diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats
index b80351902..46cb37b9d 100644
--- a/test/system/170-run-userns.bats
+++ b/test/system/170-run-userns.bats
@@ -38,10 +38,12 @@ function _require_crun() {
@test "rootful pod with custom ID mapping" {
skip_if_rootless "does not work rootless - rootful feature"
- skip_if_remote "remote --uidmap is broken (see #14233)"
random_pod_name=$(random_string 30)
run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name
run_podman pod start $random_pod_name
+ run_podman pod inspect --format '{{.InfraContainerID}}' $random_pod_name
+ run podman inspect --format '{{.HostConfig.IDMappings.UIDMap}}' $output
+ is "$output" ".*0:200000:5000" "UID Map Successful"
# Remove the pod and the pause image
run_podman pod rm $random_pod_name
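Review bot: The second added line calls `run podman inspect ...` directly, while every other command in this test goes through the `run_podman` helper. With the bare bats `run`, a failing inspect is not caught by the helper and only surfaces indirectly through the `is` match, and with `skip_if_remote` removed in this same hunk that one call may not go through the same client as the rest of the test. Suggest `run_podman inspect --format '{{.HostConfig.IDMappings.UIDMap}}' $output`. Two smaller points on the assertion: the pattern ".*0:200000:5000" is unanchored at the end, so a longer size such as 50000 would also match, and only the UID map is checked even though the new spec field is documented as carrying both UID and GID mappings.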