summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-06-02 20:51:13 +0200
committerGitHub <noreply@github.com>2020-06-02 20:51:13 +0200
commitc4ccd7cbc1509bab6183c47f740cbf2cc4ee0424 (patch)
treee93a98054a8cb3f956aaf94b96705371f80cbdcc /libpod
parent37ac21ff085b6e17adec3c0d9945524aa41029ae (diff)
parent77e4b077b9d8989b1300689103a5489bd1ad9a8b (diff)
downloadpodman-c4ccd7cbc1509bab6183c47f740cbf2cc4ee0424.tar.gz
podman-c4ccd7cbc1509bab6183c47f740cbf2cc4ee0424.tar.bz2
podman-c4ccd7cbc1509bab6183c47f740cbf2cc4ee0424.zip
Merge pull request #6435 from QiWang19/uid
check --user range for rootless containers
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal_linux.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 2bd6099f0..d08e012a6 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -325,6 +325,11 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
if c.config.User != "" {
+ if rootless.IsRootless() {
+ if err := util.CheckRootlessUIDRange(execUser.Uid); err != nil {
+ return nil, err
+ }
+ }
// User and Group must go together
g.SetProcessUID(uint32(execUser.Uid))
g.SetProcessGID(uint32(execUser.Gid))
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-12-30 23:14:38 +0000