Merge pull request #12627 from rhatdan/passwd

Allow users to add host user accounts to /etc/passwd

5 files changed, 17 insertions, 0 deletions

diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index 5c5fa0cb3..f9850e5a8 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -189,6 +189,7 @@ type ContainerCreateOptions struct {
 	HealthTimeout     string
 	Hostname          string `json:"hostname,omitempty"`
 	HTTPProxy         bool
+	HostUsers         []string
 	ImageVolume       string
 	Init              bool
 	InitContainerType string
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 1debf6c0e..7ab9d1b29 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -156,6 +156,10 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 		return nil, nil, nil, err
 	}
 
+	if len(s.HostUsers) > 0 {
+		options = append(options, libpod.WithHostUsers(s.HostUsers))
+	}
+
 	command, err := makeCommand(ctx, s, imageData, rtc)
 	if err != nil {
 		return nil, nil, nil, err
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 5a1cc1144..5989456c9 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -152,6 +152,9 @@ type ContainerBasicConfig struct {
 	// Conflicts with UtsNS if UtsNS is not set to private.
 	// Optional.
 	Hostname string `json:"hostname,omitempty"`
+	// HostUses is a list of host usernames or UIDs to add to the container
+	// /etc/passwd file
+	HostUsers []string `json:"hostusers,omitempty"`
 	// Sysctl sets kernel parameters for the container
 	Sysctl map[string]string `json:"sysctl,omitempty"`
 	// Remove indicates if the container should be removed once it has been started
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index be8f277cc..8e43cc50e 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -437,6 +437,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 		s.NetworkOptions = c.Net.NetworkOptions
 		s.UseImageHosts = c.Net.NoHosts
 	}
+	s.HostUsers = c.HostUsers
 	s.ImageVolumeMode = c.ImageVolume
 	if s.ImageVolumeMode == "bind" {
 		s.ImageVolumeMode = "anonymous"
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index 208d815d9..390057c32 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -723,3 +723,11 @@ func SocketPath() (string, error) {
 	// Glue the socket path together
 	return filepath.Join(xdg, "podman", "podman.sock"), nil
 }
+
+func LookupUser(name string) (*user.User, error) {
+	// Assume UID look up first, if it fails lookup by username
+	if u, err := user.LookupId(name); err == nil {
+		return u, err
+	}
+	return user.Lookup(name)
+}