diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-07-26 15:06:06 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-26 15:06:06 +0200 |
| commit | 0c4dfcfe57559d55786818b027ad12ad94574e71 (patch) | |
| tree | f80b22ab5ccad6e896e4f96021891c81ec12b853 /pkg/spec/spec.go | |
| parent | b212daa92f3a596efa87b6ccaa097f70cd34bb10 (diff) | |
| parent | 1d72f651e4c5118c020a1ab7281d3de0bf31899e (diff) | |
| download | podman-0c4dfcfe57559d55786818b027ad12ad94574e71.tar.gz podman-0c4dfcfe57559d55786818b027ad12ad94574e71.tar.bz2 podman-0c4dfcfe57559d55786818b027ad12ad94574e71.zip | |
Merge pull request #3639 from giuseppe/user-ns-container
podman: support --userns=ns|container
Diffstat (limited to 'pkg/spec/spec.go')
| -rw-r--r-- | pkg/spec/spec.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 824c99025..15c8c77fa 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -46,7 +46,8 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM canMountSys := true isRootless := rootless.IsRootless() - inUserNS := isRootless || (len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0) && !config.UsernsMode.IsHost() + hasUserns := config.UsernsMode.IsContainer() || config.UsernsMode.IsNS() || len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0 + inUserNS := isRootless || (hasUserns && !config.UsernsMode.IsHost()) if inUserNS && config.NetMode.IsHost() { canMountSys = false @@ -554,7 +555,6 @@ func addUserNS(config *CreateConfig, g *generate.Generator) error { if err := g.AddOrReplaceLinuxNamespace(spec.UserNamespace, NS(string(config.UsernsMode))); err != nil { return err } - // runc complains if no mapping is specified, even if we join another ns. So provide a dummy mapping g.AddLinuxUIDMapping(uint32(0), uint32(0), uint32(1)) g.AddLinuxGIDMapping(uint32(0), uint32(0), uint32(1)) |