rootless, run: support --pod

move re-exec later on, so that we can check whether we need to join
the infra container user namespace or we need to create another one.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1372
Approved by: mheon

1 files changed, 14 insertions, 1 deletions

diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 66e78dafd..d8a8a48d5 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -13,6 +13,7 @@ import (
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/image"
 	"github.com/containers/libpod/pkg/inspect"
+	"github.com/containers/libpod/pkg/rootless"
 	cc "github.com/containers/libpod/pkg/spec"
 	"github.com/containers/libpod/pkg/util"
 	"github.com/pkg/errors"
@@ -73,6 +74,10 @@ func runCmd(c *cli.Context) error {
 	storageOpts.UIDMap = mappings.UIDMap
 	storageOpts.GIDMap = mappings.GIDMap
 
+	if os.Getuid() != 0 {
+		rootless.SetSkipStorageSetup(true)
+	}
+
 	runtime, err := libpodruntime.GetRuntimeWithStorageOpts(c, &storageOpts)
 	if err != nil {
 		return errors.Wrapf(err, "error creating libpod runtime")
@@ -93,7 +98,7 @@ func runCmd(c *cli.Context) error {
 
 	var newImage *image.Image = nil
 	var data *inspect.ImageData = nil
-	if rootfs == "" {
+	if rootfs == "" && !rootless.SkipStorageSetup() {
 		newImage, err = runtime.ImageRuntime().New(ctx, c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false, false)
 		if err != nil {
 			return errors.Wrapf(err, "unable to find image")
@@ -124,6 +129,14 @@ func runCmd(c *cli.Context) error {
 		return err
 	}
 
+	became, ret, err := joinOrCreateRootlessUserNamespace(createConfig, runtime)
+	if err != nil {
+		return err
+	}
+	if became {
+		os.Exit(ret)
+	}
+
 	ctr, err := runtime.NewContainer(ctx, runtimeSpec, options...)
 	if err != nil {
 		return err