diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-04-22 09:29:28 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-22 09:29:28 -0400 |
| commit | 21c77846e4b441d1da4a27a416c2f4dcd8e68cff (patch) | |
| tree | 240e96a556c3612b538a2c1bbc04c410e81f857f /cmd | |
| parent | a67aec72eda161876b9ba6d4d31af0d7de8fc824 (diff) | |
| parent | e356160f415b6111df09af214f0dea299e78ad04 (diff) | |
| download | podman-21c77846e4b441d1da4a27a416c2f4dcd8e68cff.tar.gz podman-21c77846e4b441d1da4a27a416c2f4dcd8e68cff.tar.bz2 podman-21c77846e4b441d1da4a27a416c2f4dcd8e68cff.zip | |
Merge pull request #9495 from rhatdan/groups
Add '--group-add keep-groups': supplementary groups into container
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/podman/common/create.go | 2 | ||||
| -rw-r--r-- | cmd/podman/containers/create.go | 19 | ||||
| -rw-r--r-- | cmd/podman/machine/stop.go | 2 |
3 files changed, 21 insertions, 2 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index da391d30d..d496ae308 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -277,7 +277,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *ContainerCLIOpts) { createFlags.StringSliceVar( &cf.GroupAdd, groupAddFlagName, []string{}, - "Add additional groups to join", + "Add additional groups to the primary container process. 'keep-groups' allows container processes to use suplementary groups.", ) _ = cmd.RegisterFlagCompletionFunc(groupAddFlagName, completion.AutocompleteNone) diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index 507e9c221..3f495e19b 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -193,6 +193,25 @@ func createInit(c *cobra.Command) error { val := c.Flag("entrypoint").Value.String() cliVals.Entrypoint = &val } + + if c.Flags().Changed("group-add") { + groups := []string{} + for _, g := range cliVals.GroupAdd { + if g == "keep-groups" { + if len(cliVals.GroupAdd) > 1 { + return errors.New("the '--group-add keep-groups' option is not allowed with any other --group-add options") + } + if registry.IsRemote() { + return errors.New("the '--group-add keep-groups' option is not supported in remote mode") + } + cliVals.Annotation = append(cliVals.Annotation, "run.oci.keep_original_groups=1") + } else { + groups = append(groups, g) + } + } + cliVals.GroupAdd = groups + } + if c.Flags().Changed("pids-limit") { val := c.Flag("pids-limit").Value.String() pidsLimit, err := strconv.ParseInt(val, 10, 32) diff --git a/cmd/podman/machine/stop.go b/cmd/podman/machine/stop.go index 4235b64f1..4307d3eeb 100644 --- a/cmd/podman/machine/stop.go +++ b/cmd/podman/machine/stop.go @@ -30,7 +30,7 @@ func init() { }) } -// TODO Name shouldnt be required, need to create a default vm +// TODO Name shouldn't be required, need to create a default vm func stop(cmd *cobra.Command, args []string) error { var ( err error |