Podman run --passwd

added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
author: cdoern <cdoern@redhat.com> 2021-12-20 10:23:08 -0500
committer: cdoern <cdoern@redhat.com> 2021-12-21 17:19:41 -0500
commit: 20ce6e5c6031bd4180514ec412760a294f8a83a2 (patch)
tree: d725886615e4353e46cd30a73df188257ff7ade0 /libpod/define
parent: f45070ee0e63ea26e475e618ff32a498096fa561 (diff)
download: podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.gz
podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.bz2
podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go
index a4d9bcf4f..ba73e4196 100644
--- a/libpod/define/container_inspect.go
+++ b/libpod/define/container_inspect.go
@@ -68,6 +68,8 @@ type InspectContainerConfig struct {
 	Timeout uint `json:"Timeout"`
 	// StopTimeout is time before container is stopped when calling stop
 	StopTimeout uint `json:"StopTimeout"`
+	// Passwd determines whether or not podman can add entries to /etc/passwd and /etc/group
+	Passwd *bool `json:"Passwd,omitempty"`
 }
 
 // InspectRestartPolicy holds information about the container's restart policy.
author	cdoern <cdoern@redhat.com>	2021-12-20 10:23:08 -0500
committer	cdoern <cdoern@redhat.com>	2021-12-21 17:19:41 -0500
commit	20ce6e5c6031bd4180514ec412760a294f8a83a2 (patch)
tree	d725886615e4353e46cd30a73df188257ff7ade0 /libpod/define
parent	f45070ee0e63ea26e475e618ff32a498096fa561 (diff)
download	podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.gz podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.bz2 podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.zip