summaryrefslogtreecommitdiff
path: root/libpod/container_internal_linux.go
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-01-07 09:35:01 -0500
committerGitHub <noreply@github.com>2021-01-07 09:35:01 -0500
commit74af9254b98eb21e25c9776b0cf0664d3cb2c46e (patch)
tree457ea2121a022d0f9faa08e9c5347ff093e1515c /libpod/container_internal_linux.go
parenta47515008b3c0dde9f161faa0d9f455ca6772393 (diff)
parentecedda63a6488162c9aad2a99c1ada172340ac7f (diff)
downloadpodman-74af9254b98eb21e25c9776b0cf0664d3cb2c46e.tar.gz
podman-74af9254b98eb21e25c9776b0cf0664d3cb2c46e.tar.bz2
podman-74af9254b98eb21e25c9776b0cf0664d3cb2c46e.zip
Merge pull request #8816 from giuseppe/automatically-split-userns-mappings
rootless: automatically split userns ranges
Diffstat (limited to 'libpod/container_internal_linux.go')
-rw-r--r--libpod/container_internal_linux.go8
1 files changed, 8 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index cefe12209..bc8f0f932 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -529,6 +529,13 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
}
+ availableUIDs, availableGIDs, err := rootless.GetAvailableIDMaps()
+ if err != nil {
+ return nil, err
+ }
+ g.Config.Linux.UIDMappings = rootless.MaybeSplitMappings(g.Config.Linux.UIDMappings, availableUIDs)
+ g.Config.Linux.GIDMappings = rootless.MaybeSplitMappings(g.Config.Linux.GIDMappings, availableGIDs)
+
// Hostname handling:
// If we have a UTS namespace, set Hostname in the OCI spec.
// Set the HOSTNAME environment variable unless explicitly overridden by
@@ -536,6 +543,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
// set it to the host's hostname instead.
hostname := c.Hostname()
foundUTS := false
+
for _, i := range c.config.Spec.Linux.Namespaces {
if i.Type == spec.UTSNamespace && i.Path == "" {
foundUTS = true