authorDaniel J Walsh <dwalsh@redhat.com>2020-10-13 17:43:26 -0400
committerEd Santiago <santiago@redhat.com>2020-10-14 15:31:56 -0600
commit1814bac92e98bf24c8f757dcd42fc0ae9fb9f9b0 (patch)
tree1081e38cfce5486b6b81f27ed1b1c4db003ec93d
parente4f6a1afae1f28b9d7509a2a1b3e8180decbbb57 (diff)
Setup HOME environment when using --userns=keep-id
Currently the HOME environment is set to /root if the user does not override it. Also walk the parent directories of the user's homedir to see if it is volume mounted into the container; if yes, then set it correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--libpod/container_internal_linux.go30
-rw-r--r--test/e2e/toolbox_test.go12
2 files changed, 39 insertions, 3 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 3a71c6601..105623810 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1717,11 +1717,35 @@ func (c *Container) generateCurrentUserPasswdEntry() (string, int, int, error) {
// If the user's actual home directory exists, or was mounted in - use
// that.
homeDir := c.WorkingDir()
- if MountExists(c.config.Spec.Mounts, u.HomeDir) {
- homeDir = u.HomeDir
+ hDir := u.HomeDir
+ for hDir != "/" {
+ if MountExists(c.config.Spec.Mounts, hDir) {
+ homeDir = u.HomeDir
+ break
+ }
+ hDir = filepath.Dir(hDir)
+ }
+ if homeDir != u.HomeDir {
+ for _, hDir := range c.UserVolumes() {
+ if hDir == u.HomeDir {
+ homeDir = u.HomeDir
+ break
+ }
+ }
+ }
+ // Set HOME environment if not already set
+ hasHomeSet := false
+ for _, s := range c.config.Spec.Process.Env {
+ if strings.HasPrefix(s, "HOME=") {
+ hasHomeSet = true
+ break
+ }
+ }
+ if !hasHomeSet {
+ c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir))
}
- return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Username, homeDir), uid, rootless.GetRootlessGID(), nil
+ return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Name, homeDir), uid, rootless.GetRootlessGID(), nil
}
// generateUserPasswdEntry generates an /etc/passwd entry for the container user
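Review bot: The new `for hDir != "/"` walk terminates only when `u.HomeDir` is an absolute path; for an empty or relative home directory `filepath.Dir` settles on `.` and never reaches `/`, so the loop would spin and container setup would hang. Guarding the condition, e.g. `for filepath.IsAbs(hDir) && hDir != "/" {`, keeps the walk bounded. Separately, the passwd line now interpolates `u.Name` into the GECOS field unescaped; if that value can ever carry a `:` or a newline (presumably possible with non-file user databases) it would corrupt the generated entry, so rejecting or stripping those characters is worth considering. The function body starts above this hunk, so how `u` is looked up is not visible here.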
diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go
index 6122cee19..4f4113bd4 100644
--- a/test/e2e/toolbox_test.go
+++ b/test/e2e/toolbox_test.go
@@ -365,4 +365,16 @@ var _ = Describe("Toolbox-specific testing", func() {
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring("READY"))
})
+
+ It("podman run --userns=keep-id check $HOME", func() {
+ var session *PodmanSessionIntegration
+
+ currentUser, err := user.Current()
+ Expect(err).To(BeNil())
+ session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
+ })
+
})
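Review bot: The new test only covers the case where the home directory itself is the mount target, so the parent-directory walk added in libpod/container_internal_linux.go and the "HOME already set" branch are left untested; a second case mounting the parent of `currentUser.HomeDir` and one passing `-e HOME=...` would pin both. `ContainSubstring(currentUser.HomeDir)` also passes for any longer path, so an `Equal` match on the output would be the tighter assertion. The test bind-mounts the invoking user's real home directory read-write into the container; appending `:ro` to the volume spec would keep the test image from being able to modify it.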