authorGiuseppe Scrivano <gscrivan@redhat.com>2018-07-24 17:12:33 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-07-24 21:50:49 +0000
commit819c80712578cce1d5fd1915a351bc739c7fcb72 (patch)
treec988a6f0ec51c4b5c5f885dbc7f9a321de8d75f6
parent41c7e43b4dbba117d41d82cd8d5c0f004daba21e (diff)
podman: allow to specify the userns to join
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
-rw-r--r--cmd/podman/create.go2
-rw-r--r--docs/podman-create.1.md1
-rw-r--r--docs/podman-run.1.md1
-rw-r--r--pkg/spec/spec.go8
4 files changed, 11 insertions, 1 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 6fe68ebab..071c04ca5 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -374,7 +374,7 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
}
usernsMode := container.UsernsMode(c.String("userns"))
- if !usernsMode.Valid() {
+ if !cc.IsNS(string(usernsMode)) && !usernsMode.Valid() {
return nil, errors.Errorf("--userns %q is not valid", c.String("userns"))
}
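Review bot: The new condition accepts any `--userns` value that `cc.IsNS` recognizes, and nothing in this hunk looks at the path that follows the prefix. IsNS is not shown here, but if it only tests for an `ns:` prefix then `--userns ns:` with an empty path passes, and pkg/spec would presumably pass an empty string to `AddOrReplaceLinuxNamespace`, which is how the existing code there requests a new user namespace rather than joining one. I would reject that case before it reaches spec generation, e.g. guard with `if cc.IsNS(string(usernsMode)) && cc.NS(string(usernsMode)) == ""` and return the same "is not valid" error. parseCreateOpts starts and ends outside the hunk.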
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 68b711001..d9165d4cb 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -582,6 +582,7 @@ Without this argument the command will be run as root in the container.
Set the usernamespace mode for the container. The use of userns is disabled by default.
**host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).
+ **ns**: specify the usernamespace to use.
**--uts**=*host*
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index c03fd7c46..9af9640b0 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -612,6 +612,7 @@ Without this argument the command will be run as root in the container.
Set the usernamespace mode for the container. The use of userns is disabled by default.
`host`: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).
+`ns`: specify the usernamespace to use.
**--uts**=*host*
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index acc41f7c5..dcf1c51dd 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -326,6 +326,14 @@ func addPidNS(config *CreateConfig, g *generate.Generator) error {
}
func addUserNS(config *CreateConfig, g *generate.Generator) error {
+ if IsNS(string(config.UsernsMode)) {
+ g.AddOrReplaceLinuxNamespace(spec.UserNamespace, NS(string(config.UsernsMode)))
+
+ // runc complains if no mapping is specified, even if we join another ns. So provide a dummy mapping
+ g.AddLinuxUIDMapping(uint32(0), uint32(0), uint32(1))
+ g.AddLinuxGIDMapping(uint32(0), uint32(0), uint32(1))
+ }
+
if (len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0) && !config.UsernsMode.IsHost() {
g.AddOrReplaceLinuxNamespace(spec.UserNamespace, "")
}
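Review bot: After the new `IsNS` branch, control falls through to the existing `IDMappings` check, which still holds for an `ns:` mode because it only excludes host. When ID mappings are configured as well, `g.AddOrReplaceLinuxNamespace(spec.UserNamespace, "")` replaces the path just set, so the container silently gets a fresh user namespace instead of the one the user asked to join. I would turn the second check into an `else if`, or return an error when `ns:` is combined with explicit UID/GID mappings, so the isolation the user gets matches what was requested. The error returned by `AddOrReplaceLinuxNamespace` is also dropped in the added call; `if err := g.AddOrReplaceLinuxNamespace(...); err != nil { return err }` would surface a rejected namespace. The rest of addUserNS is outside the hunk.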