author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-12-22 12:09:56 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-22 12:09:56 +0100 |
commit | 85f21fb2bd39d76300ab61a1fb1207405e05f9d2 (patch) | |
tree | 342fb99e4c547e9818805bad80b8ccf58427c340 /libpod | |
parent | d2fcfef8b07532dc7418079160f0d6b989143c25 (diff) | |
parent | 20ce6e5c6031bd4180514ec412760a294f8a83a2 (diff) | |
Merge pull request #12664 from cdoern/noManagePasswd
Podman run --passwd
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_config.go | 2 | ||||
-rw-r--r-- | libpod/container_inspect.go | 2 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 32 | ||||
-rw-r--r-- | libpod/define/container_inspect.go | 2 | ||||
-rw-r--r-- | libpod/options.go | 11 |
5 files changed, 34 insertions, 15 deletions
diff --git a/libpod/container_config.go b/libpod/container_config.go
index adc585fa1..db65063b5 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -163,6 +163,8 @@ type ContainerRootFSConfig struct {
 // Volatile specifies whether the container storage can be optimized
 // at the cost of not syncing all the dirty files in memory.
 Volatile bool `json:"volatile,omitempty"`
+ // Passwd allows to user to override podman's passwd/group file setup
+ Passwd *bool `json:"passwd,omitempty"`
 }
 // ContainerSecurityConfig is an embedded sub-config providing security configuration
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 439328ea8..b065dd1f9 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -377,6 +377,8 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) *define.Insp
 ctrConfig.Umask = c.config.Umask
 }
+ ctrConfig.Passwd = c.config.Passwd
+
 return ctrConfig
 }
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 9e6ae9f02..dcffc4292 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1767,21 +1767,23 @@ func (c *Container) makeBindMounts() error {
 // SHM is always added when we mount the container
 c.state.BindMounts["/dev/shm"] = c.config.ShmDir
- newPasswd, newGroup, err := c.generatePasswdAndGroup()
- if err != nil {
- return errors.Wrapf(err, "error creating temporary passwd file for container %s", c.ID())
- }
- if newPasswd != "" {
- // Make /etc/passwd
- // If it already exists, delete so we can recreate
- delete(c.state.BindMounts, "/etc/passwd")
- c.state.BindMounts["/etc/passwd"] = newPasswd
- }
- if newGroup != "" {
- // Make /etc/group
- // If it already exists, delete so we can recreate
- delete(c.state.BindMounts, "/etc/group")
- c.state.BindMounts["/etc/group"] = newGroup
+ if c.config.Passwd != nil && *c.config.Passwd {
+ newPasswd, newGroup, err := c.generatePasswdAndGroup()
+ if err != nil {
+ return errors.Wrapf(err, "error creating temporary passwd file for container %s", c.ID())
+ }
+ if newPasswd != "" {
+ // Make /etc/passwd
+ // If it already exists, delete so we can recreate
+ delete(c.state.BindMounts, "/etc/passwd")
+ c.state.BindMounts["/etc/passwd"] = newPasswd
+ }
+ if newGroup != "" {
+ // Make /etc/group
+ // If it already exists, delete so we can recreate
+ delete(c.state.BindMounts, "/etc/group")
+ c.state.BindMounts["/etc/group"] = newGroup
+ }
 }
 // Make /etc/hostname
diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go
index a4d9bcf4f..ba73e4196 100644
--- a/libpod/define/container_inspect.go
+++ b/libpod/define/container_inspect.go
@@ -68,6 +68,8 @@ type InspectContainerConfig struct {
 Timeout uint `json:"Timeout"`
 // StopTimeout is time before container is stopped when calling stop
 StopTimeout uint `json:"StopTimeout"`
+ // Passwd determines whether or not podman can add entries to /etc/passwd and /etc/group
+ Passwd *bool `json:"Passwd,omitempty"`
 }
 // InspectRestartPolicy holds information about the container's restart policy.
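Review bot: In libpod/container_internal_linux.go the new guard `if c.config.Passwd != nil && *c.config.Passwd {` treats a nil `Passwd` as "do not manage", so a container whose config never had the field set no longer gets the generated /etc/passwd and /etc/group bind mounts that this function used to create unconditionally. That presumably covers containers created before this change and libpod callers that never apply `WithSelectedPasswordManagement`; those callers are outside this diff, so confirm before relying on it. If nil is meant to keep the previous default, the condition should read `if c.config.Passwd == nil || *c.config.Passwd {`, and the field comment in container_config.go should state what nil means. makeBindMounts starts and ends outside the hunk.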
diff --git a/libpod/options.go b/libpod/options.go
index e6fa987a8..85d7b4689 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1794,6 +1794,17 @@ func WithHostDevice(dev []specs.LinuxDevice) CtrCreateOption {
 }
 }
+// WithSelectedPasswordManagement makes it so that the container either does or does not setup /etc/passwd or /etc/group
+func WithSelectedPasswordManagement(passwd *bool) CtrCreateOption {
+ return func(c *Container) error {
+ if c.valid {
+ return define.ErrCtrFinalized
+ }
+ c.config.Passwd = passwd
+ return nil
+ }
+}
+
 // Pod Creation Options
 // WithPodCreateCommand adds the full command plus arguments of the current |
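Review bot: `c.config.Passwd = passwd` in WithSelectedPasswordManagement stores the caller's pointer, so a caller that reuses or later flips the pointed-to bool changes this container's stored config after creation. The container_inspect.go hunk then hands the same pointer out again through `ctrConfig.Passwd = c.config.Passwd`. Copying the value keeps the config self-contained: `if passwd != nil { v := *passwd; c.config.Passwd = &v }`. The doc comment should also say that the option controls generation of the /etc/passwd and /etc/group files rather than passwords, and what passing nil does.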