authorGiuseppe Scrivano <gscrivan@redhat.com>2019-07-24 11:20:31 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-07-25 23:04:55 +0200
commit1d72f651e4c5118c020a1ab7281d3de0bf31899e (patch)
tree349a0ac5be0a70963448420ede6bc84f8f51ece5 /pkg/namespaces
parentba5741e3986bff0974989a3c662895aabb329f4c (diff)
podman: support --userns=ns|container
Allow joining the user namespace of another container. Closes: https://github.com/containers/libpod/issues/3629 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/namespaces')
-rw-r--r--pkg/namespaces/namespaces.go29
1 files changed, 26 insertions, 3 deletions
diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go
index 7ed95bd0f..35298796f 100644
--- a/pkg/namespaces/namespaces.go
+++ b/pkg/namespaces/namespaces.go
@@ -76,27 +76,50 @@ func (n UsernsMode) IsKeepID() bool {
// IsPrivate indicates whether the container uses the a private userns.
func (n UsernsMode) IsPrivate() bool {
- return !(n.IsHost())
+ return !(n.IsHost() || n.IsContainer())
}
// Valid indicates whether the userns is valid.
func (n UsernsMode) Valid() bool {
parts := strings.Split(string(n), ":")
switch mode := parts[0]; mode {
- case "", "host", "keep-id":
+ case "", "host", "keep-id", "ns":
+ case "container":
+ if len(parts) != 2 || parts[1] == "" {
+ return false
+ }
default:
return false
}
return true
}
+// IsNS indicates a userns namespace passed in by path (ns:<path>)
+func (n UsernsMode) IsNS() bool {
+ return strings.HasPrefix(string(n), "ns:")
+}
+
+// NS gets the path associated with a ns:<path> userns ns
+func (n UsernsMode) NS() string {
+ parts := strings.SplitN(string(n), ":", 2)
+ if len(parts) > 1 {
+ return parts[1]
+ }
+ return ""
+}
+
// IsContainer indicates whether container uses a container userns.
func (n UsernsMode) IsContainer() bool {
- return false
+ parts := strings.SplitN(string(n), ":", 2)
+ return len(parts) > 1 && parts[0] == "container"
}
// Container is the id of the container which network this container is connected to.
func (n UsernsMode) Container() string {
+ parts := strings.SplitN(string(n), ":", 2)
+ if len(parts) > 1 {
+ return parts[1]
+ }
return ""
}
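Review bot: In `Valid()`, `"ns"` shares a case with `""`, `"host"` and `"keep-id"`, so a bare `ns` or an `ns:` with an empty path is accepted, while the `container` branch just below rejects a missing id. Since this value selects which user namespace the container joins, the empty path should be rejected at validation, for example with a separate `case "ns":` containing `if len(parts) < 2 || parts[1] == "" { return false }`. `NS()` and `Container()` both return whatever follows the first colon without checking the prefix, so `Container()` yields a path for `ns:<path>` and `NS()` yields an id for `container:<id>`; either gate them on `IsNS()`/`IsContainer()` or state in the doc comments that callers must check first. `IsPrivate()` still reports true for `ns:<path>`, which joins an existing namespace rather than creating one, so it is worth confirming that this is intended. The doc comment on `Container()` says "which network", which looks copied from the network mode type and should refer to the user namespace.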