diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-04-06 17:04:50 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-06 17:04:50 +0200 |
commit | 382b5b81d24870abe400d14296e4f5ef47c99d29 (patch) | |
tree | 05d4173fd7095cf10df6ea7f89ab5202200daad8 /pkg/specgen | |
parent | f143de9db6861cd8b8d6fc4e03f2826041307982 (diff) | |
parent | 541252afa701850f6691933d575c5c24ed0b17c1 (diff) | |
download | podman-382b5b81d24870abe400d14296e4f5ef47c99d29.tar.gz podman-382b5b81d24870abe400d14296e4f5ef47c99d29.tar.bz2 podman-382b5b81d24870abe400d14296e4f5ef47c99d29.zip |
Merge pull request #9942 from mheon/fix_9919
Ensure that `--userns=keep-id` sets user in config
Diffstat (limited to 'pkg/specgen')
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 845dfdad7..b52e8d100 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -157,6 +157,16 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod. case specgen.KeepID: if rootless.IsRootless() { toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry()) + + // If user is not overridden, set user in the container + // to user running Podman. + if s.User == "" { + _, uid, gid, err := util.GetKeepIDMapping() + if err != nil { + return nil, err + } + toReturn = append(toReturn, libpod.WithUser(fmt.Sprintf("%d:%d", uid, gid))) + } } else { // keep-id as root doesn't need a user namespace s.UserNS.NSMode = specgen.Host |