rootless: fix pod stop|rm if uid in the container != 0

join the user namespace where the pod is running, so that we can both
manage the storage and correctly send the kill signal to a process
which is not running as root in the namespace.

Closes: https://github.com/containers/libpod/issues/2577

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/cmd/podman/pod_stop.go b/cmd/podman/pod_stop.go
index f1b0ac51f..754a3a7db 100644
--- a/cmd/podman/pod_stop.go
+++ b/cmd/podman/pod_stop.go
@@ -2,9 +2,11 @@ package main
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/pkg/adapter"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -46,12 +48,24 @@ func init() {
 }
 
 func podStopCmd(c *cliconfig.PodStopValues) error {
+	if os.Geteuid() != 0 {
+		rootless.SetSkipStorageSetup(true)
+	}
+
 	runtime, err := adapter.GetRuntime(&c.PodmanCommand)
 	if err != nil {
 		return errors.Wrapf(err, "could not get runtime")
 	}
 	defer runtime.Shutdown(false)
 
+	if rootless.IsRootless() {
+		var err error
+		c.InputArgs, c.All, c.Latest, err = joinPodNS(runtime, c.All, c.Latest, c.InputArgs)
+		if err != nil {
+			return err
+		}
+	}
+
 	podStopIds, podStopErrors := runtime.StopPods(getContext(), c)
 	for _, p := range podStopIds {
 		fmt.Println(p)