authorGiuseppe Scrivano <gscrivan@redhat.com>2020-12-11 15:35:41 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2020-12-11 15:43:33 +0100
commitf711f5a68de98b911ef31676843e6d463cc47f69 (patch)
tree1983c93ac4a096c1b9dca9296197b0071456bc18 /libpod
parentdeb00425c2984ea42158ce6afec74474de998bfd (diff)
podman: drop checking valid rootless UID
Do not check whether the specified ID is valid in the user namespace. crun handles this case[1], so the check in Podman only prevents the request from ever reaching the OCI runtime. $ podman run --user 10:0 --uidmap 0:0:1 --rm -ti fedora:33 sh -c 'id; cat /proc/self/uid_map' uid=10(10) gid=0(root) groups=0(root),65534(nobody) 10 0 1 [1] https://github.com/containers/crun/pull/556 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal_linux.go5
1 files changed, 0 insertions, 5 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 1bf044f9d..dc1a64863 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -424,11 +424,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
if c.config.User != "" {
- if rootless.IsRootless() {
- if err := util.CheckRootlessUIDRange(execUser.Uid); err != nil {
- return nil, err
- }
- }
// User and Group must go together
g.SetProcessUID(uint32(execUser.Uid))
g.SetProcessGID(uint32(execUser.Gid))