diff options
| -rw-r--r-- | cmd/podman/system/connection.go | 4 | ||||
| -rw-r--r-- | completions/bash/podman | 12 | ||||
| -rw-r--r-- | docs/source/markdown/podman-auto-update.1.md | 2 | ||||
| -rw-r--r-- | libpod/container_internal.go | 20 | ||||
| -rw-r--r-- | pkg/api/server/register_volumes.go | 4 | ||||
| -rw-r--r-- | pkg/bindings/connection.go | 13 | ||||
| -rw-r--r-- | test/e2e/run_userns_test.go | 7 |
7 files changed, 47 insertions, 15 deletions
diff --git a/cmd/podman/system/connection.go b/cmd/podman/system/connection.go index f19af2ccf..9f80a454b 100644 --- a/cmd/podman/system/connection.go +++ b/cmd/podman/system/connection.go @@ -42,7 +42,7 @@ var ( RunE: connection, Example: `podman system connection server.fubar.com podman system connection --identity ~/.ssh/dev_rsa ssh://root@server.fubar.com:2222 - podman system connection --identity ~/.ssh/dev_rsa -port 22 root@server.fubar.com`, + podman system connection --identity ~/.ssh/dev_rsa --port 22 root@server.fubar.com`, } cOpts = struct { @@ -202,7 +202,7 @@ func getUDS(cmd *cobra.Command, uri *url.URL) (string, error) { return "", errors.Wrapf(err, "failed to parse 'podman info' results") } - if info.Host.RemoteSocket == nil || !info.Host.RemoteSocket.Exists { + if info.Host.RemoteSocket == nil || len(info.Host.RemoteSocket.Path) == 0 { return "", fmt.Errorf("remote podman %q failed to report its UDS socket", uri.Host) } return info.Host.RemoteSocket.Path, nil diff --git a/completions/bash/podman b/completions/bash/podman index 595739abf..cb4e86156 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -1018,14 +1018,15 @@ _podman_network_create() { ;; esac } + _podman_network_inspect() { local options_with_args=" + --format + -f " local boolean_options=" --help -h - --format - -f " _complete_ "$options_with_args" "$boolean_options" @@ -1038,15 +1039,15 @@ _podman_network_inspect() { _podman_network_ls() { local options_with_args=" + --format + -f + --filter " local boolean_options=" --help -h --quiet -q - --format - -f - -- filter " _complete_ "$options_with_args" "$boolean_options" @@ -3565,6 +3566,7 @@ _podman_podman() { logs manifest mount + network pause pod port diff --git a/docs/source/markdown/podman-auto-update.1.md b/docs/source/markdown/podman-auto-update.1.md index 435a767c1..90e581e42 100644 --- a/docs/source/markdown/podman-auto-update.1.md +++ b/docs/source/markdown/podman-auto-update.1.md @@ -38,7 +38,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path` ``` # Start a container $ podman run --label "io.containers.autoupdate=image" \ - --label "io.containers.autoupdate.autfile=/some/authfile.json" \ + --label "io.containers.autoupdate.authfile=/some/authfile.json" \ -d busybox:latest top bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 73e0b2118..db64f5eeb 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -22,6 +22,7 @@ import ( "github.com/containers/libpod/pkg/selinux" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" + "github.com/containers/storage/pkg/idtools" "github.com/containers/storage/pkg/mount" securejoin "github.com/cyphar/filepath-securejoin" spec "github.com/opencontainers/runtime-spec/specs-go" @@ -360,6 +361,25 @@ func (c *Container) setupStorageMapping(dest, from *storage.IDMappingOptions) { } dest.AutoUserNsOpts.InitialSize = initialSize + 1 } + } else if c.config.Spec.Linux != nil { + dest.UIDMap = nil + for _, r := range c.config.Spec.Linux.UIDMappings { + u := idtools.IDMap{ + ContainerID: int(r.ContainerID), + HostID: int(r.HostID), + Size: int(r.Size), + } + dest.UIDMap = append(dest.UIDMap, u) + } + dest.GIDMap = nil + for _, r := range c.config.Spec.Linux.GIDMappings { + g := idtools.IDMap{ + ContainerID: int(r.ContainerID), + HostID: int(r.HostID), + Size: int(r.Size), + } + dest.GIDMap = append(dest.GIDMap, g) + } } } diff --git a/pkg/api/server/register_volumes.go b/pkg/api/server/register_volumes.go index 93b972b6b..1d5abd830 100644 --- a/pkg/api/server/register_volumes.go +++ b/pkg/api/server/register_volumes.go @@ -28,7 +28,7 @@ func (s *APIServer) registerVolumeHandlers(r *mux.Router) error { // swagger:operation GET /libpod/volumes/json volumes listVolumes // --- // summary: List volumes - // description: Returns a list of networks + // description: Returns a list of volumes // produces: // - application/json // parameters: @@ -36,7 +36,7 @@ func (s *APIServer) registerVolumeHandlers(r *mux.Router) error { // name: filters // type: string // description: | - // JSON encoded value of the filters (a map[string][]string) to process on the networks list. Available filters: + // JSON encoded value of the filters (a map[string][]string) to process on the volumes list. Available filters: // - driver=<volume-driver-name> Matches volumes based on their driver. // - label=<key> or label=<key>:<value> Matches volumes based on the presence of a label alone or a label and a value. // - name=<volume-name> Matches all of volume name. diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go index 584aa55c1..c02d55e31 100644 --- a/pkg/bindings/connection.go +++ b/pkg/bindings/connection.go @@ -181,12 +181,15 @@ func pingNewConnection(ctx context.Context) error { func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) (Connection, error) { authMethods := []ssh.AuthMethod{} - auth, err := terminal.PublicKey(identity, []byte(passPhrase)) - if err != nil { - return Connection{}, errors.Wrapf(err, "failed to parse identity %q", identity) + + if len(identity) > 0 { + auth, err := terminal.PublicKey(identity, []byte(passPhrase)) + if err != nil { + return Connection{}, errors.Wrapf(err, "failed to parse identity %q", identity) + } + logrus.Debugf("public key signer enabled for identity %q", identity) + authMethods = append(authMethods, auth) } - logrus.Debugf("public key signer enabled for identity %q", identity) - authMethods = append(authMethods, auth) if sock, found := os.LookupEnv("SSH_AUTH_SOCK"); found { logrus.Debugf("Found SSH_AUTH_SOCK %q, ssh-agent signer enabled", sock) diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index 5b9a99daa..be0981408 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -89,6 +89,13 @@ var _ = Describe("Podman UserNS support", func() { Expect(ok).To(BeTrue()) }) + It("podman --userns=keep-id root owns /usr", func() { + session := podmanTest.Podman([]string{"run", "--userns=keep-id", "alpine", "stat", "-c%u", "/usr"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("0")) + }) + It("podman --userns=keep-id --user root:root", func() { session := podmanTest.Podman([]string{"run", "--userns=keep-id", "--user", "root:root", "alpine", "id", "-u"}) session.WaitWithDefaultTimeout() |