diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-08-31 08:37:34 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-31 08:37:34 -0400 |
commit | 9b4dac4c4d683619f9015c19c317fcd68b80dcf8 (patch) | |
tree | 86ca0b08e269785a28b232791305362f2fc4e0bf /pkg/specgen/generate/namespaces.go | |
parent | 7503c5544d506826e2d8602d95433eef98208e83 (diff) | |
parent | 8637548a3676f29746ca1cce346b09a228c649ae (diff) | |
download | podman-9b4dac4c4d683619f9015c19c317fcd68b80dcf8.tar.gz podman-9b4dac4c4d683619f9015c19c317fcd68b80dcf8.tar.bz2 podman-9b4dac4c4d683619f9015c19c317fcd68b80dcf8.zip |
Merge pull request #15389 from giuseppe/userns-map-user
podman: add uid and gid options to keep-id
Diffstat (limited to 'pkg/specgen/generate/namespaces.go')
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index f0d4e9153..e27a3abac 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -11,6 +11,7 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/podman/v4/libpod" "github.com/containers/podman/v4/libpod/define" + "github.com/containers/podman/v4/pkg/namespaces" "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/pkg/specgen" "github.com/containers/podman/v4/pkg/util" @@ -198,12 +199,18 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod. if !rootless.IsRootless() { return nil, errors.New("keep-id is only supported in rootless mode") } - toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry()) + opts, err := namespaces.UsernsMode(s.UserNS.String()).GetKeepIDOptions() + if err != nil { + return nil, err + } + if opts.UID == nil && opts.GID == nil { + toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry()) + } // If user is not overridden, set user in the container // to user running Podman. if s.User == "" { - _, uid, gid, err := util.GetKeepIDMapping() + _, uid, gid, err := util.GetKeepIDMapping(opts) if err != nil { return nil, err } |