Podman run --passwd

added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
author: cdoern <cdoern@redhat.com> 2021-12-20 10:23:08 -0500
committer: cdoern <cdoern@redhat.com> 2021-12-21 17:19:41 -0500
commit: 20ce6e5c6031bd4180514ec412760a294f8a83a2 (patch)
tree: d725886615e4353e46cd30a73df188257ff7ade0 /pkg/api
parent: f45070ee0e63ea26e475e618ff32a498096fa561 (diff)
download: podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.gz
podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.bz2
podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/pkg/api/handlers/libpod/containers_create.go b/pkg/api/handlers/libpod/containers_create.go
index 77bfe7b50..d1841769a 100644
--- a/pkg/api/handlers/libpod/containers_create.go
+++ b/pkg/api/handlers/libpod/containers_create.go
@@ -19,11 +19,15 @@ import (
 func CreateContainer(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
 	var sg specgen.SpecGenerator
+
 	if err := json.NewDecoder(r.Body).Decode(&sg); err != nil {
 		utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()"))
 		return
 	}
-
+	if sg.Passwd == nil {
+		t := true
+		sg.Passwd = &t
+	}
 	warn, err := generate.CompleteSpec(r.Context(), runtime, &sg)
 	if err != nil {
 		utils.InternalServerError(w, err)
author	cdoern <cdoern@redhat.com>	2021-12-20 10:23:08 -0500
committer	cdoern <cdoern@redhat.com>	2021-12-21 17:19:41 -0500
commit	20ce6e5c6031bd4180514ec412760a294f8a83a2 (patch)
tree	d725886615e4353e46cd30a73df188257ff7ade0 /pkg/api
parent	f45070ee0e63ea26e475e618ff32a498096fa561 (diff)
download	podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.gz podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.bz2 podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.zip