diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-02-24 17:38:06 +0100 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-04-06 16:32:36 +0200 |
| commit | 3a0a727110c59332e1a0f5b4a5be311244668a8c (patch) | |
| tree | ff1afd6d97f329718f15dd541aa95e721690fe65 /libpod/container_internal.go | |
| parent | 5b853bb272a754a54fa78a3e619de0304864151f (diff) | |
| download | podman-3a0a727110c59332e1a0f5b4a5be311244668a8c.tar.gz podman-3a0a727110c59332e1a0f5b4a5be311244668a8c.tar.bz2 podman-3a0a727110c59332e1a0f5b4a5be311244668a8c.zip | |
userns: support --userns=auto
automatically pick an empty range and create an user namespace for the
container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/container_internal.go')
| -rw-r--r-- | libpod/container_internal.go | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 4e18819b8..c930017a4 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -339,6 +339,29 @@ func (c *Container) syncContainer() error { return nil } +func (c *Container) setupStorageMapping(dest, from *storage.IDMappingOptions) { + if c.config.Rootfs != "" { + return + } + *dest = *from + if dest.AutoUserNs { + overrides := c.getUserOverrides() + dest.AutoUserNsOpts.PasswdFile = overrides.ContainerEtcPasswdPath + dest.AutoUserNsOpts.GroupFile = overrides.ContainerEtcGroupPath + if c.config.User != "" { + initialSize := uint32(0) + parts := strings.Split(c.config.User, ":") + for _, p := range parts { + s, err := strconv.ParseUint(p, 10, 32) + if err == nil && uint32(s) > initialSize { + initialSize = uint32(s) + } + } + dest.AutoUserNsOpts.InitialSize = initialSize + 1 + } + } +} + // Create container root filesystem for use func (c *Container) setupStorage(ctx context.Context) error { span, _ := opentracing.StartSpanFromContext(ctx, "setupStorage") @@ -398,14 +421,20 @@ func (c *Container) setupStorage(ctx context.Context) error { options.MountOpts = newOptions } - if c.config.Rootfs == "" { - options.IDMappingOptions = c.config.IDMappings - } + c.setupStorageMapping(&options.IDMappingOptions, &c.config.IDMappings) + containerInfo, err := c.runtime.storageService.CreateContainerStorage(ctx, c.runtime.imageContext, c.config.RootfsImageName, c.config.RootfsImageID, c.config.Name, c.config.ID, options) if err != nil { return errors.Wrapf(err, "error creating container storage") } + c.config.IDMappings.UIDMap = containerInfo.UIDMap + c.config.IDMappings.GIDMap = containerInfo.GIDMap + c.config.ProcessLabel = containerInfo.ProcessLabel + c.config.MountLabel = containerInfo.MountLabel + c.config.StaticDir = containerInfo.Dir + c.state.RunDir = containerInfo.RunDir + if len(c.config.IDMappings.UIDMap) != 0 || len(c.config.IDMappings.GIDMap) != 0 { if err := os.Chown(containerInfo.RunDir, c.RootUID(), c.RootGID()); err != nil { return err @@ -416,11 +445,6 @@ func (c *Container) setupStorage(ctx context.Context) error { } } - c.config.ProcessLabel = containerInfo.ProcessLabel - c.config.MountLabel = containerInfo.MountLabel - c.config.StaticDir = containerInfo.Dir - c.state.RunDir = containerInfo.RunDir - // Set the default Entrypoint and Command if containerInfo.Config != nil { if c.config.Entrypoint == nil { |