summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/shared/create.go6
-rw-r--r--go.mod2
-rw-r--r--go.sum2
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf2
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go11
-rw-r--r--vendor/github.com/containers/common/pkg/config/libpodConfig.go6
-rw-r--r--vendor/modules.txt2
7 files changed, 26 insertions, 5 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index 94b1e63dc..a9cd3078b 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -376,6 +376,10 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
}
}
+ usernsType := c.String("userns")
+ if !c.IsSet("userns") && !idmappings.HostUIDMapping {
+ usernsType = "private"
+ }
// Kernel Namespaces
// TODO Fix handling of namespace from pod
// Instead of integrating here, should be done in libpod
@@ -386,7 +390,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
"pid": c.String("pid"),
"net": c.String("network"),
"ipc": c.String("ipc"),
- "user": c.String("userns"),
+ "user": usernsType,
"uts": c.String("uts"),
}
diff --git a/go.mod b/go.mod
index 08e52e83b..bf76132c6 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
github.com/containernetworking/plugins v0.8.5
github.com/containers/buildah v1.14.8
- github.com/containers/common v0.8.1
+ github.com/containers/common v0.8.2
github.com/containers/conmon v2.0.14+incompatible
github.com/containers/image/v5 v5.4.3
github.com/containers/psgo v1.4.0
diff --git a/go.sum b/go.sum
index 2ca41f042..177157e2f 100644
--- a/go.sum
+++ b/go.sum
@@ -67,6 +67,8 @@ github.com/containers/buildah v1.14.8 h1:JbMI0QSOmyZ30Mr2633uCXAj+Fajgh/EFS9xX/Y
github.com/containers/buildah v1.14.8/go.mod h1:ytEjHJQnRXC1ygXMyc0FqYkjcoCydqBQkOdxbH563QU=
github.com/containers/common v0.8.1 h1:1IUwAtZ4mC7GYRr4AC23cHf2oXCuoLzTUoSzIkSgnYw=
github.com/containers/common v0.8.1/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs=
+github.com/containers/common v0.8.2 h1:TzbHcY1C6xAcZyPk0UJLAKVpW77AUkw5DWoApWB8Ge8=
+github.com/containers/common v0.8.2/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs=
github.com/containers/conmon v2.0.14+incompatible h1:knU1O1QxXy5YxtjMQVKEyCajROaehizK9FHaICl+P5Y=
github.com/containers/conmon v2.0.14+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs=
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 067be429e..5460d5f26 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -376,6 +376,8 @@
# "/usr/local/sbin/kata-runtime",
# "/sbin/kata-runtime",
# "/bin/kata-runtime",
+# "/usr/bin/kata-qemu",
+# "/usr/bin/kata-fc",
# ]
# Number of seconds to wait for container to exit before sending kill signal.
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 78bfd8a28..5dea74305 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -141,13 +141,18 @@ func DefaultConfig() (*Config, error) {
netns = "slirp4netns"
}
+ cgroupNS := "host"
+ if cgroup2, _ := cgroupv2.Enabled(); cgroup2 {
+ cgroupNS = "private"
+ }
+
return &Config{
Containers: ContainersConfig{
Devices: []string{},
Volumes: []string{},
Annotations: []string{},
ApparmorProfile: DefaultApparmorProfile,
- CgroupNS: "private",
+ CgroupNS: cgroupNS,
DefaultCapabilities: DefaultCapabilities,
DefaultSysctls: []string{},
DefaultUlimits: getDefaultProcessLimits(),
@@ -172,7 +177,7 @@ func DefaultConfig() (*Config, error) {
SeccompProfile: SeccompDefaultPath,
ShmSize: DefaultShmSize,
UTSNS: "private",
- UserNS: "private",
+ UserNS: "host",
UserNSSize: DefaultUserNSSize,
},
Network: NetworkConfig{
@@ -246,6 +251,8 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
"/usr/local/sbin/kata-runtime",
"/sbin/kata-runtime",
"/bin/kata-runtime",
+ "/usr/bin/kata-qemu",
+ "/usr/bin/kata-fc",
},
}
c.ConmonEnvVars = []string{
diff --git a/vendor/github.com/containers/common/pkg/config/libpodConfig.go b/vendor/github.com/containers/common/pkg/config/libpodConfig.go
index cdb38a514..89566f789 100644
--- a/vendor/github.com/containers/common/pkg/config/libpodConfig.go
+++ b/vendor/github.com/containers/common/pkg/config/libpodConfig.go
@@ -224,6 +224,12 @@ func newLibpodConfig(c *Config) error {
}
}
+ // hard code EventsLogger to "file" to match older podman versions.
+ if config.EventsLogger != "file" {
+ logrus.Debugf("Ignoring lipod.conf EventsLogger setting %q. Use containers.conf if you want to change this setting and remove libpod.conf files.", config.EventsLogger)
+ config.EventsLogger = "file"
+ }
+
c.libpodToContainersConfig(config)
return nil
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 535090e81..0c0b07b12 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -82,7 +82,7 @@ github.com/containers/buildah/pkg/secrets
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/pkg/umask
github.com/containers/buildah/util
-# github.com/containers/common v0.8.1
+# github.com/containers/common v0.8.2
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/capabilities
github.com/containers/common/pkg/cgroupv2