summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/containers/create.go29
1 files changed, 15 insertions, 14 deletions
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index c8007bc2f..ed09585ba 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -161,24 +161,25 @@ func createInit(c *cobra.Command) error {
if c.Flag("no-hosts").Changed && c.Flag("add-host").Changed {
return errors.Errorf("--no-hosts and --add-host cannot be set together")
}
- if c.Flag("userns").Changed {
- cliVals.UserNS = c.Flag("userns").Value.String()
- }
- if c.Flag("ipc").Changed {
- cliVals.IPC = c.Flag("ipc").Value.String()
- }
- if c.Flag("uts").Changed {
- cliVals.UTS = c.Flag("uts").Value.String()
- }
- if c.Flag("pid").Changed {
- cliVals.PID = c.Flag("pid").Value.String()
+ cliVals.UserNS = c.Flag("userns").Value.String()
+ // if user did not modify --userns flag and did turn on
+ // uid/gid mappsings, set userns flag to "private"
+ if !c.Flag("userns").Changed && cliVals.UserNS == "host" {
+ if len(cliVals.UIDMap) > 0 ||
+ len(cliVals.GIDMap) > 0 ||
+ cliVals.SubUIDName != "" ||
+ cliVals.SubGIDName != "" {
+ cliVals.UserNS = "private"
+ }
}
+
+ cliVals.IPC = c.Flag("ipc").Value.String()
+ cliVals.UTS = c.Flag("uts").Value.String()
+ cliVals.PID = c.Flag("pid").Value.String()
+ cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
if !c.Flag("pids-limit").Changed {
cliVals.PIDsLimit = -1
}
- if c.Flag("cgroupns").Changed {
- cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
- }
if c.Flag("entrypoint").Changed {
val := c.Flag("entrypoint").Value.String()
cliVals.Entrypoint = &val