summaryrefslogtreecommitdiff
path: root/pkg/specgen
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-04-06 17:04:50 +0200
committerGitHub <noreply@github.com>2021-04-06 17:04:50 +0200
commit382b5b81d24870abe400d14296e4f5ef47c99d29 (patch)
tree05d4173fd7095cf10df6ea7f89ab5202200daad8 /pkg/specgen
parentf143de9db6861cd8b8d6fc4e03f2826041307982 (diff)
parent541252afa701850f6691933d575c5c24ed0b17c1 (diff)
downloadpodman-382b5b81d24870abe400d14296e4f5ef47c99d29.tar.gz
podman-382b5b81d24870abe400d14296e4f5ef47c99d29.tar.bz2
podman-382b5b81d24870abe400d14296e4f5ef47c99d29.zip
Merge pull request #9942 from mheon/fix_9919
Ensure that `--userns=keep-id` sets user in config
Diffstat (limited to 'pkg/specgen')
-rw-r--r--pkg/specgen/generate/namespaces.go10
1 files changed, 10 insertions, 0 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 845dfdad7..b52e8d100 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -157,6 +157,16 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
case specgen.KeepID:
if rootless.IsRootless() {
toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry())
+
+ // If user is not overridden, set user in the container
+ // to user running Podman.
+ if s.User == "" {
+ _, uid, gid, err := util.GetKeepIDMapping()
+ if err != nil {
+ return nil, err
+ }
+ toReturn = append(toReturn, libpod.WithUser(fmt.Sprintf("%d:%d", uid, gid)))
+ }
} else {
// keep-id as root doesn't need a user namespace
s.UserNS.NSMode = specgen.Host