Merge pull request #3639 from giuseppe/user-ns-container

podman: support --userns=ns|container

1 files changed, 18 insertions, 4 deletions

diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go
index 5960fac60..b9d7fcd9b 100644
--- a/pkg/adapter/pods.go
+++ b/pkg/adapter/pods.go
@@ -492,14 +492,28 @@ func (r *LocalRuntime) PlayKubeYAML(ctx context.Context, c *cliconfig.KubePlayVa
 	if err != nil {
 		return nil, err
 	}
+	hasUserns := false
+	if podInfraID != "" {
+		podCtr, err := r.GetContainer(podInfraID)
+		if err != nil {
+			return nil, err
+		}
+		mappings, err := podCtr.IDMappings()
+		if err != nil {
+			return nil, err
+		}
+		hasUserns = len(mappings.UIDMap) > 0
+	}
 
 	namespaces := map[string]string{
 		// Disabled during code review per mheon
 		//"pid":  fmt.Sprintf("container:%s", podInfraID),
-		"net":  fmt.Sprintf("container:%s", podInfraID),
-		"user": fmt.Sprintf("container:%s", podInfraID),
-		"ipc":  fmt.Sprintf("container:%s", podInfraID),
-		"uts":  fmt.Sprintf("container:%s", podInfraID),
+		"net": fmt.Sprintf("container:%s", podInfraID),
+		"ipc": fmt.Sprintf("container:%s", podInfraID),
+		"uts": fmt.Sprintf("container:%s", podInfraID),
+	}
+	if hasUserns {
+		namespaces["user"] = fmt.Sprintf("container:%s", podInfraID)
 	}
 	if !c.Quiet {
 		writer = os.Stderr