summaryrefslogtreecommitdiff
path: root/libpod/container_internal.go
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2018-04-23 20:42:53 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-05-04 17:15:55 +0000
commitb51d7379987581da82902027fe91cdf298047bc0 (patch)
treef9d7fbebf3b946caea5eb5e2c626a19413c795c8 /libpod/container_internal.go
parent1f5debd43806cc3bd07f562ff00ef4c426540f98 (diff)
downloadpodman-b51d7379987581da82902027fe91cdf298047bc0.tar.gz
podman-b51d7379987581da82902027fe91cdf298047bc0.tar.bz2
podman-b51d7379987581da82902027fe91cdf298047bc0.zip
Begin wiring in USERNS Support into podman
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #690 Approved by: mheon
Diffstat (limited to 'libpod/container_internal.go')
-rw-r--r--libpod/container_internal.go16
1 files changed, 11 insertions, 5 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 614c6aca0..73095316e 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -190,7 +190,8 @@ func (c *Container) setupStorage(ctx context.Context) error {
return errors.Wrapf(ErrInvalidArg, "must provide image ID and image name to use an image")
}
- containerInfo, err := c.runtime.storageService.CreateContainerStorage(ctx, c.runtime.imageContext, c.config.RootfsImageName, c.config.RootfsImageID, c.config.Name, c.config.ID, c.config.MountLabel)
+ options := storage.ContainerOptions{IDMappingOptions: c.config.IDMappings}
+ containerInfo, err := c.runtime.storageService.CreateContainerStorage(ctx, c.runtime.imageContext, c.config.RootfsImageName, c.config.RootfsImageID, c.config.Name, c.config.ID, c.config.MountLabel, &options)
if err != nil {
return errors.Wrapf(err, "error creating container storage")
}
@@ -591,6 +592,9 @@ func (c *Container) mountStorage() (err error) {
label.FormatMountLabel(shmOptions, c.config.MountLabel)); err != nil {
return errors.Wrapf(err, "failed to mount shm tmpfs %q", c.config.ShmDir)
}
+ if err := os.Chown(c.config.ShmDir, c.RootUID(), c.RootGID()); err != nil {
+ return err
+ }
}
mountPoint, err := c.runtime.storageService.MountContainerImage(c.ID())
@@ -755,7 +759,7 @@ func (c *Container) makeBindMounts() error {
}
// Add Secret Mounts
- secretMounts := secrets.SecretMounts(c.config.MountLabel, c.state.RunDir, c.runtime.config.DefaultMountsFile)
+ secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.DefaultMountsFile, c.RootUID(), c.RootGID())
for _, mount := range secretMounts {
if _, ok := c.state.BindMounts[mount.Destination]; !ok {
c.state.BindMounts[mount.Destination] = mount.Source
@@ -772,10 +776,12 @@ func (c *Container) writeStringToRundir(destFile, output string) (string, error)
if err != nil {
return "", errors.Wrapf(err, "unable to create %s", destFileName)
}
-
defer f.Close()
- _, err = f.WriteString(output)
- if err != nil {
+ if err := f.Chown(c.RootUID(), c.RootGID()); err != nil {
+ return "", err
+ }
+
+ if _, err := f.WriteString(output); err != nil {
return "", errors.Wrapf(err, "unable to write %s", destFileName)
}
// Relabel runDirResolv for the container