Podman run --passwd

added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
author: cdoern <cdoern@redhat.com> 2021-12-20 10:23:08 -0500
committer: cdoern <cdoern@redhat.com> 2021-12-21 17:19:41 -0500
commit: 20ce6e5c6031bd4180514ec412760a294f8a83a2 (patch)
tree: d725886615e4353e46cd30a73df188257ff7ade0 /libpod/options.go
parent: f45070ee0e63ea26e475e618ff32a498096fa561 (diff)
download: podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.gz
podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.bz2
podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/libpod/options.go b/libpod/options.go
index e6fa987a8..85d7b4689 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1794,6 +1794,17 @@ func WithHostDevice(dev []specs.LinuxDevice) CtrCreateOption {
 	}
 }
 
+// WithSelectedPasswordManagement makes it so that the container either does or does not setup /etc/passwd or /etc/group
+func WithSelectedPasswordManagement(passwd *bool) CtrCreateOption {
+	return func(c *Container) error {
+		if c.valid {
+			return define.ErrCtrFinalized
+		}
+		c.config.Passwd = passwd
+		return nil
+	}
+}
+
 // Pod Creation Options
 
 // WithPodCreateCommand adds the full command plus arguments of the current
author	cdoern <cdoern@redhat.com>	2021-12-20 10:23:08 -0500
committer	cdoern <cdoern@redhat.com>	2021-12-21 17:19:41 -0500
commit	20ce6e5c6031bd4180514ec412760a294f8a83a2 (patch)
tree	d725886615e4353e46cd30a73df188257ff7ade0 /libpod/options.go
parent	f45070ee0e63ea26e475e618ff32a498096fa561 (diff)
download	podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.gz podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.bz2 podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.zip