podman: assume user namespace if there are mappings

if some mappings are specified, assume there is a private user
namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

1 files changed, 6 insertions, 1 deletions

diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index ce91e0b2e..ed45a6595 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -209,10 +209,15 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 		}
 	}
 
-	s.IDMappings, err = util.ParseIDMapping(ns.UsernsMode(c.UserNS), c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName)
+	userNS := ns.UsernsMode(c.UserNS)
+	s.IDMappings, err = util.ParseIDMapping(userNS, c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName)
 	if err != nil {
 		return err
 	}
+	// If some mappings are specified, assume a private user namespace
+	if userNS.IsDefaultValue() && (!s.IDMappings.HostUIDMapping || !s.IDMappings.HostGIDMapping) {
+		s.UserNS.NSMode = specgen.Private
+	}
 
 	s.Terminal = c.TTY
 	ep, err := ExposedPorts(c.Expose, c.Net.PublishPorts, c.PublishAll, nil)