-rw-r--r--cmd/podman/shared/create.go15
-rw-r--r--pkg/adapter/pods.go22
2 files changed, 32 insertions, 5 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index 815e2d304..9578eb17d 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -282,13 +282,26 @@ func configurePod(c *GenericCLIResults, runtime *libpod.Runtime, namespaces map[
if err != nil {
return namespaces, err
}
+ hasUserns := false
+ if podInfraID != "" {
+ podCtr, err := runtime.GetContainer(podInfraID)
+ if err != nil {
+ return namespaces, err
+ }
+ mappings, err := podCtr.IDMappings()
+ if err != nil {
+ return namespaces, err
+ }
+ hasUserns = len(mappings.UIDMap) > 0
+ }
+
if (namespaces["pid"] == cc.Pod) || (!c.IsSet("pid") && pod.SharesPID()) {
namespaces["pid"] = fmt.Sprintf("container:%s", podInfraID)
}
if (namespaces["net"] == cc.Pod) || (!c.IsSet("net") && !c.IsSet("network") && pod.SharesNet()) {
namespaces["net"] = fmt.Sprintf("container:%s", podInfraID)
}
- if (namespaces["user"] == cc.Pod) || (!c.IsSet("user") && pod.SharesUser()) {
+ if hasUserns && (namespaces["user"] == cc.Pod) || (!c.IsSet("user") && pod.SharesUser()) {
namespaces["user"] = fmt.Sprintf("container:%s", podInfraID)
}
if (namespaces["ipc"] == cc.Pod) || (!c.IsSet("ipc") && pod.SharesIPC()) {
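Review bot: In the rewritten `user` condition, `&&` binds tighter than `||`, so `hasUserns` gates only the `namespaces["user"] == cc.Pod` case. When `c.IsSet("user")` is false and `pod.SharesUser()` is true, the container is still pointed at the infra container's user namespace even if that container has no ID mappings, which looks like the case the new check is meant to exclude. Parenthesise the disjunction: `if hasUserns && ((namespaces["user"] == cc.Pod) || (!c.IsSet("user") && pod.SharesUser())) {`. Separately, when the pod's user namespace was requested explicitly and `hasUserns` is false, `namespaces["user"]` keeps the value `cc.Pod`; whether later code handles that is not visible here, so an explicit error or reset may be warranted. configurePod's body starts and ends outside this hunk.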
diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go
index 5960fac60..b9d7fcd9b 100644
--- a/pkg/adapter/pods.go
+++ b/pkg/adapter/pods.go
@@ -492,14 +492,28 @@ func (r *LocalRuntime) PlayKubeYAML(ctx context.Context, c *cliconfig.KubePlayVa
if err != nil {
return nil, err
}
+ hasUserns := false
+ if podInfraID != "" {
+ podCtr, err := r.GetContainer(podInfraID)
+ if err != nil {
+ return nil, err
+ }
+ mappings, err := podCtr.IDMappings()
+ if err != nil {
+ return nil, err
+ }
+ hasUserns = len(mappings.UIDMap) > 0
+ }
namespaces := map[string]string{
// Disabled during code review per mheon
//"pid": fmt.Sprintf("container:%s", podInfraID),
- "net": fmt.Sprintf("container:%s", podInfraID),
- "user": fmt.Sprintf("container:%s", podInfraID),
- "ipc": fmt.Sprintf("container:%s", podInfraID),
- "uts": fmt.Sprintf("container:%s", podInfraID),
+ "net": fmt.Sprintf("container:%s", podInfraID),
+ "ipc": fmt.Sprintf("container:%s", podInfraID),
+ "uts": fmt.Sprintf("container:%s", podInfraID),
+ }
+ if hasUserns {
+ namespaces["user"] = fmt.Sprintf("container:%s", podInfraID)
}
if !c.Quiet {
writer = os.Stderr
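Review bot: The userns detection `hasUserns = len(mappings.UIDMap) > 0` looks only at UID mappings, and the same block is copied verbatim into configurePod in cmd/podman/shared/create.go. If an infra container can carry GID mappings without UID mappings, the containers would silently stay outside the pod's user namespace and lose that isolation; `hasUserns = len(mappings.UIDMap) > 0 || len(mappings.GIDMap) > 0` would cover both, and a small shared helper would keep the two call sites from drifting apart. The new `podInfraID != ""` guard also implies the ID can be empty, yet the `net`, `ipc` and `uts` entries are still built unconditionally and would then read `container:` with no ID. A comment such as `// Join the infra container's user namespace only if it was created with ID mappings.` above the `if hasUserns` block would record why `user` is handled apart from the other namespaces. PlayKubeYAML's body starts and ends outside this hunk.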