diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-07-24 11:20:31 +0200 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-07-25 23:04:55 +0200 |
| commit | 1d72f651e4c5118c020a1ab7281d3de0bf31899e (patch) | |
| tree | 349a0ac5be0a70963448420ede6bc84f8f51ece5 /pkg/spec/spec.go | |
| parent | ba5741e3986bff0974989a3c662895aabb329f4c (diff) | |
| download | podman-1d72f651e4c5118c020a1ab7281d3de0bf31899e.tar.gz podman-1d72f651e4c5118c020a1ab7281d3de0bf31899e.tar.bz2 podman-1d72f651e4c5118c020a1ab7281d3de0bf31899e.zip | |
podman: support --userns=ns|container
allow to join the user namespace of another container.
Closes: https://github.com/containers/libpod/issues/3629
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/spec/spec.go')
| -rw-r--r-- | pkg/spec/spec.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 824c99025..15c8c77fa 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -46,7 +46,8 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM canMountSys := true isRootless := rootless.IsRootless() - inUserNS := isRootless || (len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0) && !config.UsernsMode.IsHost() + hasUserns := config.UsernsMode.IsContainer() || config.UsernsMode.IsNS() || len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0 + inUserNS := isRootless || (hasUserns && !config.UsernsMode.IsHost()) if inUserNS && config.NetMode.IsHost() { canMountSys = false @@ -554,7 +555,6 @@ func addUserNS(config *CreateConfig, g *generate.Generator) error { if err := g.AddOrReplaceLinuxNamespace(spec.UserNamespace, NS(string(config.UsernsMode))); err != nil { return err } - // runc complains if no mapping is specified, even if we join another ns. So provide a dummy mapping g.AddLinuxUIDMapping(uint32(0), uint32(0), uint32(1)) g.AddLinuxGIDMapping(uint32(0), uint32(0), uint32(1)) |