diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-07-24 11:20:31 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-07-25 23:04:55 +0200 |
commit | 1d72f651e4c5118c020a1ab7281d3de0bf31899e (patch) | |
tree | 349a0ac5be0a70963448420ede6bc84f8f51ece5 /pkg/namespaces | |
parent | ba5741e3986bff0974989a3c662895aabb329f4c (diff) | |
download | podman-1d72f651e4c5118c020a1ab7281d3de0bf31899e.tar.gz podman-1d72f651e4c5118c020a1ab7281d3de0bf31899e.tar.bz2 podman-1d72f651e4c5118c020a1ab7281d3de0bf31899e.zip |
podman: support --userns=ns|container
allow to join the user namespace of another container.
Closes: https://github.com/containers/libpod/issues/3629
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/namespaces')
-rw-r--r-- | pkg/namespaces/namespaces.go | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go index 7ed95bd0f..35298796f 100644 --- a/pkg/namespaces/namespaces.go +++ b/pkg/namespaces/namespaces.go @@ -76,27 +76,50 @@ func (n UsernsMode) IsKeepID() bool { // IsPrivate indicates whether the container uses the a private userns. func (n UsernsMode) IsPrivate() bool { - return !(n.IsHost()) + return !(n.IsHost() || n.IsContainer()) } // Valid indicates whether the userns is valid. func (n UsernsMode) Valid() bool { parts := strings.Split(string(n), ":") switch mode := parts[0]; mode { - case "", "host", "keep-id": + case "", "host", "keep-id", "ns": + case "container": + if len(parts) != 2 || parts[1] == "" { + return false + } default: return false } return true } +// IsNS indicates a userns namespace passed in by path (ns:<path>) +func (n UsernsMode) IsNS() bool { + return strings.HasPrefix(string(n), "ns:") +} + +// NS gets the path associated with a ns:<path> userns ns +func (n UsernsMode) NS() string { + parts := strings.SplitN(string(n), ":", 2) + if len(parts) > 1 { + return parts[1] + } + return "" +} + // IsContainer indicates whether container uses a container userns. func (n UsernsMode) IsContainer() bool { - return false + parts := strings.SplitN(string(n), ":", 2) + return len(parts) > 1 && parts[0] == "container" } // Container is the id of the container which network this container is connected to. func (n UsernsMode) Container() string { + parts := strings.SplitN(string(n), ":", 2) + if len(parts) > 1 { + return parts[1] + } return "" } |