aboutsummaryrefslogtreecommitdiff
path: root/pkg/specgen/generate
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-04-24 22:39:26 +0200
committerGitHub <noreply@github.com>2020-04-24 22:39:26 +0200
commit2afe579c064923841a55d57458fac4d91bec8173 (patch)
tree698f40ce419698c30cf8969b9438b3aa395f8434 /pkg/specgen/generate
parent10f3a8ac6bd9028f1c70ad48a7ebf2b2e33f2d6e (diff)
parent88f1994ab9a0bf3a8df3c8f74a39cd1db27c2070 (diff)
downloadpodman-2afe579c064923841a55d57458fac4d91bec8173.tar.gz
podman-2afe579c064923841a55d57458fac4d91bec8173.tar.bz2
podman-2afe579c064923841a55d57458fac4d91bec8173.zip
Merge pull request #5971 from giuseppe/fix-userns-tests
v2, podman: fix and enable all run_userns_test.go tests
Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r--pkg/specgen/generate/namespaces.go20
1 files changed, 20 insertions, 0 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 2e0e088bf..a8b74b504 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -10,6 +10,7 @@ import (
"github.com/containers/libpod/pkg/cgroups"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/specgen"
+ "github.com/containers/libpod/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
@@ -175,6 +176,13 @@ func GenerateNamespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod
// User
switch s.UserNS.NSMode {
+ case specgen.KeepID:
+ if rootless.IsRootless() {
+ s.User = ""
+ } else {
+ // keep-id as root doesn't need a user namespace
+ s.UserNS.NSMode = specgen.Host
+ }
case specgen.FromPod:
if pod == nil || infraCtr == nil {
return nil, errNoInfra
@@ -378,6 +386,18 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt
if err := g.RemoveLinuxNamespace(string(spec.UserNamespace)); err != nil {
return err
}
+ case specgen.KeepID:
+ var (
+ err error
+ uid, gid int
+ )
+ s.IDMappings, uid, gid, err = util.GetKeepIDMapping()
+ if err != nil {
+ return err
+ }
+ g.SetProcessUID(uint32(uid))
+ g.SetProcessGID(uint32(gid))
+ fallthrough
case specgen.Private:
if err := g.AddOrReplaceLinuxNamespace(string(spec.UserNamespace), ""); err != nil {
return err