author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-06-10 14:45:11 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-06-10 14:46:48 +0200 |
commit | a389eab8d116f406aba6a4fd1dd5a545e536e88b (patch) | |
tree | 6cb96cde7b4aaf6ee603e82d50b7f95db0d17714 /libpod | |
parent | 63468464e8365adefebee7127be888ea649edd8e (diff) | |
container: make resolv.conf and hosts accessible in userns
when running in a new userns, make sure the resolv.conf and hosts
files bind mounted from another container are accessible to root in
the userns.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_internal_linux.go | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index d08e012a6..e0cd39ee5 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1171,6 +1171,15 @@ func (c *Container) makeBindMounts() error {
 // finally, save it in the new container
 c.state.BindMounts["/etc/hosts"] = hostsPath
 }
+
+ if !hasCurrentUserMapped(c) {
+ if err := makeAccessible(resolvPath, c.RootUID(), c.RootGID()); err != nil {
+ return err
+ }
+ if err := makeAccessible(hostsPath, c.RootUID(), c.RootGID()); err != nil {
+ return err
+ }
+ }
 } else {
 if !c.config.UseImageResolvConf {
 newResolv, err := c.generateResolvConf() |
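Review bot: The two `makeAccessible` calls inside the added `if !hasCurrentUserMapped(c)` block operate on `resolvPath` and `hostsPath`, which the commit message describes as files bind mounted from another container, so whatever ownership or mode change the helper makes lands on state that the other container also uses. `makeAccessible` is not visible in this hunk; if it changes ownership to `c.RootUID()`/`c.RootGID()`, containers with different ID mappings that share the same dependency would presumably overwrite each other's ownership, and that is worth confirming. I would document the side effect above the block, e.g. `// resolvPath and hostsPath belong to the dependency container; this changes them for every container that shares them`. The bare `return err` lines also lose which path failed, so wrapping them with the path would make failures attributable. The body of makeBindMounts starts and ends outside the hunk.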