diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2022-04-13 14:06:05 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2022-04-21 15:29:04 -0400 |
commit | 80c0fceb24b70a85f3f2ca8be29f4a131c0881d4 (patch) | |
tree | f7ceffaaf30f4b8057638db446b5512fbbe27318 /cmd/podman | |
parent | 121dde6234ddfcaf11abea03449bfd2a11da90a5 (diff) | |
download | podman-80c0fceb24b70a85f3f2ca8be29f4a131c0881d4.tar.gz podman-80c0fceb24b70a85f3f2ca8be29f4a131c0881d4.tar.bz2 podman-80c0fceb24b70a85f3f2ca8be29f4a131c0881d4.zip |
Add support for --userns=nomap
From a security point of view, it would be nice to be able to map a
rootless usernamespace that does not use your own UID within the
container.
This would add protection against a hostile process escapping the
container and reading content in your homedir.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r-- | cmd/podman/common/completion.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go index 3d36162ee..abb943942 100644 --- a/cmd/podman/common/completion.go +++ b/cmd/podman/common/completion.go @@ -756,7 +756,7 @@ func AutocompleteNamespace(cmd *cobra.Command, args []string, toComplete string) // -> same as AutocompleteNamespace with "auto", "keep-id" added func AutocompleteUserNamespace(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { results, directive := AutocompleteNamespace(cmd, args, toComplete) - results = append(results, "auto", "keep-id") + results = append(results, "auto", "keep-id", "nomap") return results, directive } |