author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-01-18 06:08:06 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-18 06:08:06 -0500 |
commit | d0eb24bae0023848447568d024acdaadb632edfe (patch) | |
tree | 43461089256941739fc91e525229e670b26697d6 /libpod | |
parent | 02502e2c14efe99b8179ca23f3341254c9f39351 (diff) | |
parent | 10d969ff1a15e8f53eb5a2fa7eb8cfb321609b55 (diff) | |
Merge pull request #12870 from rhatdan/userns1
Use PODMAN_USERNS environment variable when running as a service
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_inspect.go | 16 | ||||
-rw-r--r-- | libpod/define/container_inspect.go | 8 |
2 files changed, 23 insertions, 1 deletions
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 615a7522b..086d51f04 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -9,6 +9,7 @@ import (
 "github.com/containers/podman/v3/libpod/define"
 "github.com/containers/podman/v3/libpod/driver"
 "github.com/containers/podman/v3/pkg/util"
+ "github.com/containers/storage/types"
 units "github.com/docker/go-units"
 spec "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/runtime-tools/generate"
@@ -403,6 +404,17 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) *define.Insp
 return ctrConfig
 }
+func generateIDMappings(idMappings types.IDMappingOptions) *define.InspectIDMappings {
+ var inspectMappings define.InspectIDMappings
+ for _, uid := range idMappings.UIDMap {
+ inspectMappings.UIDMap = append(inspectMappings.UIDMap, fmt.Sprintf("%d:%d:%d", uid.ContainerID, uid.HostID, uid.Size))
+ }
+ for _, gid := range idMappings.GIDMap {
+ inspectMappings.GIDMap = append(inspectMappings.GIDMap, fmt.Sprintf("%d:%d:%d", gid.ContainerID, gid.HostID, gid.Size))
+ }
+ return &inspectMappings
+}
+
 // Generate the InspectContainerHostConfig struct for the HostConfig field of
 // Inspect.
 func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, namedVolumes []*ContainerNamedVolume, mounts []spec.Mount) (*define.InspectContainerHostConfig, error) {
@@ -815,7 +827,9 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
 }
 }
 hostConfig.UsernsMode = usernsMode
-
+ if c.config.IDMappings.UIDMap != nil && c.config.IDMappings.GIDMap != nil {
+ hostConfig.IDMappings = generateIDMappings(c.config.IDMappings)
+ }
 // Devices
 // Do not include if privileged - assumed that all devices will be
 // included.
diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go
index 6db1b025e..804b2b143 100644
--- a/libpod/define/container_inspect.go
+++ b/libpod/define/container_inspect.go
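Review bot: `generateIDMappings` in libpod/container_inspect.go has no doc comment, and neither does the exported `InspectIDMappings` type added in libpod/define/container_inspect.go, so the format of each entry is only discoverable from the `fmt.Sprintf("%d:%d:%d", ...)` calls. I would add `// generateIDMappings renders the UID and GID maps as "containerID:hostID:size" strings for inspect output.` above the function and `// InspectIDMappings holds a container's UID and GID maps, one "containerID:hostID:size" string per entry.` above the type. Anyone reading inspect output to check which host IDs a container is mapped onto needs that field order stated somewhere.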
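Review bot: In the lines added after `hostConfig.UsernsMode = usernsMode`, the guard requires both `UIDMap` and `GIDMap` to be non-nil, so a container with only one of the two maps populated would report no `IDMappings` at all. Whether that state can reach this point depends on code outside the hunk, but if it can, inspect under-reports the user-namespace configuration an operator would rely on when auditing isolation. Consider `if len(c.config.IDMappings.UIDMap) > 0 || len(c.config.IDMappings.GIDMap) > 0 {`, which also skips empty non-nil slices. `generateInspectContainerHostConfig` starts and ends outside the hunk.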
@@ -6,6 +6,11 @@ import (
 "github.com/containers/image/v5/manifest"
 )
+type InspectIDMappings struct {
+ UIDMap []string `json:"UidMap"`
+ GIDMap []string `json:"GidMap"`
+}
+
 // InspectContainerConfig holds further data about how a container was initially
 // configured.
 type InspectContainerConfig struct {
@@ -401,7 +406,10 @@ type InspectContainerHostConfig struct {
 // TODO Rootless has an additional 'keep-id' option, presently not
 // reflected here.
 UsernsMode string `json:"UsernsMode"`
+ // IDMappings is the UIDMapping and GIDMapping used within the container
+ IDMappings *InspectIDMappings `json:"IDMappings,omitempty"`
 // ShmSize is the size of the container's SHM device.
+
 ShmSize int64 `json:"ShmSize"`
 // Runtime is provided purely for Docker compatibility.
 // It is set unconditionally to "oci" as Podman does not presently |
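Review bot: The lone `+` after `// ShmSize is the size of the container's SHM device.` appears, judging by the hunk counts (`-401,7 +406,10`), to be an added blank line that separates the comment from the `ShmSize` field, so godoc and editors no longer attach the comment to the field. Drop that blank line; if visual separation from the new `IDMappings` field is wanted, put the blank line before the `// ShmSize ...` comment rather than after it. The `InspectContainerHostConfig` struct starts and ends outside the hunk.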