authorGiuseppe Scrivano <gscrivan@redhat.com>2020-06-10 14:45:11 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2020-06-10 14:46:48 +0200
commita389eab8d116f406aba6a4fd1dd5a545e536e88b (patch)
tree6cb96cde7b4aaf6ee603e82d50b7f95db0d17714
parent63468464e8365adefebee7127be888ea649edd8e (diff)
container: make resolv.conf and hosts accessible in userns
When running in a new userns, make sure the resolv.conf and hosts files bind mounted from another container are accessible to root in the userns.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--libpod/container_internal_linux.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index d08e012a6..e0cd39ee5 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1171,6 +1171,15 @@ func (c *Container) makeBindMounts() error {
// finally, save it in the new container
c.state.BindMounts["/etc/hosts"] = hostsPath
}
+
+ if !hasCurrentUserMapped(c) {
+ if err := makeAccessible(resolvPath, c.RootUID(), c.RootGID()); err != nil {
+ return err
+ }
+ if err := makeAccessible(hostsPath, c.RootUID(), c.RootGID()); err != nil {
+ return err
+ }
+ }
} else {
if !c.config.UseImageResolvConf {
newResolv, err := c.generateResolvConf()
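Review bot: The two `makeAccessible` calls act on `resolvPath` and `hostsPath`, which per the commit description are files bind mounted from another container, so the access change lands on state that the other container still uses. `makeAccessible` is not defined in this hunk, so confirm that it grants this container's userns root only the traverse/read access it needs and does not transfer ownership or write access on a file the other container relies on; a comment such as `// paths belong to the container whose netns we share; widen access only as far as this userns root needs` would record that intent. It is also not visible here whether either path can be empty when the other container has no such bind mount; if it can, guard each call, e.g. `if resolvPath != "" {`. Both errors are returned bare, so a failure does not say which path was being adjusted. The body of makeBindMounts starts and ends outside the hunk.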