authorDaniel J Walsh <dwalsh@redhat.com>2018-04-23 20:42:53 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-05-04 17:15:55 +0000
commitb51d7379987581da82902027fe91cdf298047bc0 (patch)
treef9d7fbebf3b946caea5eb5e2c626a19413c795c8 /cmd/podman/spec.go
parent1f5debd43806cc3bd07f562ff00ef4c426540f98 (diff)
Begin wiring in USERNS Support into podman
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #690 Approved by: mheon
Diffstat (limited to 'cmd/podman/spec.go')
-rw-r--r--cmd/podman/spec.go17
1 files changed, 17 insertions, 0 deletions
diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go
index fc2ab267d..15dab6c4d 100644
--- a/cmd/podman/spec.go
+++ b/cmd/podman/spec.go
@@ -66,6 +66,13 @@ func addPidNS(config *createConfig, g *generate.Generator) error {
return nil
}
+func addUserNS(config *createConfig, g *generate.Generator) error {
+ if (len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0) && !config.UsernsMode.IsHost() {
+ g.AddOrReplaceLinuxNamespace(spec.UserNamespace, "")
+ }
+ return nil
+}
+
func addNetNS(config *createConfig, g *generate.Generator) error {
netMode := config.NetMode
if netMode.IsHost() {
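Review bot: In addUserNS the return value of `g.AddOrReplaceLinuxNamespace(spec.UserNamespace, "")` is dropped, so the function returns nil even when the user namespace could not be added to the spec. The spec would then carry ID mappings without the namespace they depend on, and the failure would only surface later, if at all. Propagate the error: `if err := g.AddOrReplaceLinuxNamespace(spec.UserNamespace, ""); err != nil { return err }`. A doc comment would also help, e.g. `// addUserNS adds a new user namespace to the spec when ID mappings are set and the userns mode is not host.`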
@@ -257,6 +264,12 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
}
}
+ for _, uidmap := range config.IDMappings.UIDMap {
+ g.AddLinuxUIDMapping(uint32(uidmap.HostID), uint32(uidmap.ContainerID), uint32(uidmap.Size))
+ }
+ for _, gidmap := range config.IDMappings.GIDMap {
+ g.AddLinuxGIDMapping(uint32(gidmap.HostID), uint32(gidmap.ContainerID), uint32(gidmap.Size))
+ }
// SECURITY OPTS
g.SetProcessNoNewPrivileges(config.NoNewPrivs)
g.SetProcessApparmorProfile(config.ApparmorProfile)
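Review bot: The `uint32(...)` conversions of `HostID`, `ContainerID` and `Size` in both loops wrap silently if a value is negative or does not fit in 32 bits, so a malformed mapping could turn into a far wider ID range than was requested. No range check is visible in this hunk; validation may exist where IDMappings is parsed, but that should be confirmed, or such entries rejected here before converting. The loops also run regardless of `config.UsernsMode.IsHost()`, while addUserNS creates the namespace only when the mode is not host, so a host-mode config with mappings would yield a spec that has ID mappings but no user namespace. Wrapping both loops in `if !config.UsernsMode.IsHost() {` would keep the two in step. createConfigToOCISpec starts and ends outside the hunk.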
@@ -300,6 +313,10 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
return nil, err
}
+ if err := addUserNS(config, &g); err != nil {
+ return nil, err
+ }
+
if err := addNetNS(config, &g); err != nil {
return nil, err
}