summaryrefslogtreecommitdiff
path: root/libpod/container_internal_linux.go
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2019-07-24 11:20:31 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-07-25 23:04:55 +0200
commit1d72f651e4c5118c020a1ab7281d3de0bf31899e (patch)
tree349a0ac5be0a70963448420ede6bc84f8f51ece5 /libpod/container_internal_linux.go
parentba5741e3986bff0974989a3c662895aabb329f4c (diff)
downloadpodman-1d72f651e4c5118c020a1ab7281d3de0bf31899e.tar.gz
podman-1d72f651e4c5118c020a1ab7281d3de0bf31899e.tar.bz2
podman-1d72f651e4c5118c020a1ab7281d3de0bf31899e.zip
podman: support --userns=ns|container
allow to join the user namespace of another container. Closes: https://github.com/containers/libpod/issues/3629 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/container_internal_linux.go')
-rw-r--r--libpod/container_internal_linux.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 6e775cd28..afcf51a11 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -318,6 +318,11 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
if err := c.addNamespaceContainer(&g, UserNS, c.config.UserNsCtr, spec.UserNamespace); err != nil {
return nil, err
}
+ if len(g.Config.Linux.UIDMappings) == 0 {
+ // runc complains if no mapping is specified, even if we join another ns. So provide a dummy mapping
+ g.AddLinuxUIDMapping(uint32(0), uint32(0), uint32(1))
+ g.AddLinuxGIDMapping(uint32(0), uint32(0), uint32(1))
+ }
}
if c.config.UTSNsCtr != "" {
if err := c.addNamespaceContainer(&g, UTSNS, c.config.UTSNsCtr, spec.UTSNamespace); err != nil {