diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2019-11-04 18:07:58 -0500 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-11-06 10:35:37 -0500 |
commit | a6108f1c19f4432eff4ee1e52eef9e60d13329e5 (patch) | |
tree | d1451bc83388799088ef0134b4cd27aa1458133b /libpod | |
parent | 581a7ec2984c2c125ff255c9aca62f2547c7d46f (diff) | |
download | podman-a6108f1c19f4432eff4ee1e52eef9e60d13329e5.tar.gz podman-a6108f1c19f4432eff4ee1e52eef9e60d13329e5.tar.bz2 podman-a6108f1c19f4432eff4ee1e52eef9e60d13329e5.zip |
Add support for RunAsUser and RunAsGroup
Currently podman generate kube does not generate the correct RunAsUser and RunAsGroup
options in the yaml file. This patch fixes this.
This patch also make `podman play kube` use the RunAdUser and RunAsGroup options if
they are specified in the yaml file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/kube.go | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/libpod/kube.go b/libpod/kube.go index d0e7baf95..47a77991e 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -487,13 +487,16 @@ func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, error) { if err := c.syncContainer(); err != nil { return nil, errors.Wrapf(err, "unable to sync container during YAML generation") } + logrus.Debugf("Looking in container for user: %s", c.User()) - u, err := lookup.GetUser(c.state.Mountpoint, c.User()) + execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, c.User(), nil) if err != nil { return nil, err } - user := int64(u.Uid) - sc.RunAsUser = &user + uid := int64(execUser.Uid) + gid := int64(execUser.Gid) + sc.RunAsUser = &uid + sc.RunAsGroup = &gid } return &sc, nil } |