diff options
| author | Urvashi Mohnani <umohnani@redhat.com> | 2021-11-15 10:05:42 -0500 |
|---|---|---|
| committer | Urvashi Mohnani <umohnani@redhat.com> | 2021-11-21 19:44:26 -0500 |
| commit | a8b3c67b974bd1b55a80188826e2c7ca983a9d95 (patch) | |
| tree | c4b95bb19bce6cb24210000591918d4a931b54f4 /pkg | |
| parent | 2f6cdd353f50e6c26b34f0b1bff028e8393d2580 (diff) | |
| download | podman-a8b3c67b974bd1b55a80188826e2c7ca983a9d95.tar.gz podman-a8b3c67b974bd1b55a80188826e2c7ca983a9d95.tar.bz2 podman-a8b3c67b974bd1b55a80188826e2c7ca983a9d95.zip | |
Add note about volume with unprivileged container
Add a note to the generated kube yaml if we detect a
volume is being mounted. The note lets the user know
what needs to be done to avoid permission denied error
when trying to access the volume for an unprivileged
container.
Add the same note to the man pages.
NO NEW TESTS NEEDED
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/domain/infra/abi/generate.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/domain/infra/abi/generate.go b/pkg/domain/infra/abi/generate.go index a4d6bcf86..0defa1923 100644 --- a/pkg/domain/infra/abi/generate.go +++ b/pkg/domain/infra/abi/generate.go @@ -124,6 +124,14 @@ func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string, if err != nil { return nil, err } + if len(po.Spec.Volumes) != 0 { + warning := ` +# NOTE: If you generated this yaml from an unprivileged and rootless podman container on an SELinux +# enabled system, check the podman generate kube man page for steps to follow to ensure that your pod/container +# has the right permissions to access the volumes added. +` + content = append(content, []byte(warning)) + } b, err := generateKubeYAML(libpod.ConvertV1PodToYAMLPod(po)) if err != nil { return nil, err |