authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-05-16 13:19:32 +0200
committerGitHub <noreply@github.com>2022-05-16 13:19:32 +0200
commit0c7124289f53da7cfd2f951503ca79a105ee9ebd (patch)
tree8680ba556b2ee0e69e3119a1dca3c980bd2b4e08
parent76c85b1a0b5b612a83032abc732f28c02b4788e8 (diff)
parentc45d51899a8190bd3797cdee71b74b912a634c71 (diff)
Merge pull request #14232 from vrothberg/bz-2083997
[BZ #2083997] pod: build pause image in custom user NS
-rw-r--r--pkg/specgen/generate/pause_image.go6
-rw-r--r--test/system/170-run-userns.bats13
2 files changed, 19 insertions, 0 deletions
diff --git a/pkg/specgen/generate/pause_image.go b/pkg/specgen/generate/pause_image.go
index 4aba230a3..ddf35f230 100644
--- a/pkg/specgen/generate/pause_image.go
+++ b/pkg/specgen/generate/pause_image.go
@@ -80,6 +80,12 @@ ENTRYPOINT ["/catatonit", "-P"]`, catatonitPath)
Quiet: true,
IgnoreFile: "/dev/null", // makes sure to not read a local .ignorefile (see #13529)
IIDFile: "/dev/null", // prevents Buildah from writing the ID on stdout
+ IDMappingOptions: &buildahDefine.IDMappingOptions{
+ // Use the host UID/GID mappings for the build to avoid issues when
+ // running with a custom mapping (BZ #2083997).
+ HostUIDMapping: true,
+ HostGIDMapping: true,
+ },
}
if _, _, err := rt.Build(context.Background(), buildOptions, tmpF.Name()); err != nil {
return "", err
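Review bot: The comment inside the new `IDMappingOptions` literal says only "avoid issues", which tells a later reader neither what breaks nor why it is acceptable to build with host mappings. `HostUIDMapping: true` and `HostGIDMapping: true` deliberately take the build out of the pod's custom user namespace, so the reasoning belongs next to them. Judging from the hunk header, the build input is a generated Containerfile ending in `ENTRYPOINT ["/catatonit", "-P"]`, and the image appears to be shared across pods under one tag. A more explicit comment would be `// Build with the host UID/GID mappings: the pause image is shared by all pods and must not inherit one pod's --uidmap/--gidmap (BZ #2083997).` The enclosing function starts and ends outside the hunk, so confirm against the full body that the build runs no steps that depend on the mapping.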
diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats
index d754306b2..b80351902 100644
--- a/test/system/170-run-userns.bats
+++ b/test/system/170-run-userns.bats
@@ -36,6 +36,19 @@ function _require_crun() {
is "$output" ".*457" "Check group leaked into container"
}
+@test "rootful pod with custom ID mapping" {
+ skip_if_rootless "does not work rootless - rootful feature"
+ skip_if_remote "remote --uidmap is broken (see #14233)"
+ random_pod_name=$(random_string 30)
+ run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name
+ run_podman pod start $random_pod_name
+
+ # Remove the pod and the pause image
+ run_podman pod rm $random_pod_name
+ run_podman version --format "{{.Server.Version}}-{{.Server.Built}}"
+ run_podman rmi -f localhost/podman-pause:$output
+}
+
@test "podman --remote --group-add keep-groups " {
if is_remote; then
run_podman 125 run --rm --group-add keep-groups $IMAGE id
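Review bot: The new test `rootful pod with custom ID mapping` only checks that `pod create` and `pod start` succeed; it never asserts that the pod actually runs with the requested `0:200000:5000` mapping, so a regression that silently falls back to host IDs would still pass. Consider adding, after `pod start`, something like `run_podman run --rm --pod $random_pod_name $IMAGE cat /proc/self/uid_map` followed by `is "$output" ".*0 *200000 *5000" "pod uses the custom UID mapping"`. The cleanup steps also run inline, so a failure in `pod start` would leave the pod and the `localhost/podman-pause` image behind unless the suite's teardown, which is not visible here, removes them.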