-rw-r--r-- | cmd/podman/create.go | 2 | ||||
-rw-r--r-- | docs/podman-create.1.md | 1 | ||||
-rw-r--r-- | docs/podman-run.1.md | 1 | ||||
-rw-r--r-- | pkg/spec/spec.go | 8 |
4 files changed, 11 insertions, 1 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 6fe68ebab..071c04ca5 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -374,7 +374,7 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 }
 usernsMode := container.UsernsMode(c.String("userns"))
- if !usernsMode.Valid() {
+ if !cc.IsNS(string(usernsMode)) && !usernsMode.Valid() {
 return nil, errors.Errorf("--userns %q is not valid", c.String("userns"))
 }
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 68b711001..d9165d4cb 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -582,6 +582,7 @@ Without this argument the command will be run as root in the container.
 Set the usernamespace mode for the container. The use of userns is disabled by default.
 **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).
+ **ns**: specify the usernamespace to use.
 **--uts**=*host*
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index c03fd7c46..9af9640b0 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -612,6 +612,7 @@ Without this argument the command will be run as root in the container.
 Set the usernamespace mode for the container. The use of userns is disabled by default.
 `host`: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).
+`ns`: specify the usernamespace to use.
 **--uts**=*host*
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index acc41f7c5..dcf1c51dd 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
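Review bot: The relaxed `--userns` check in cmd/podman/create.go accepts any value for which `cc.IsNS` returns true, and nothing in this hunk validates the namespace path that the `ns` mode carries. `IsNS` and `NS` are defined outside this diff, so this is inferred, but if `IsNS` only tests for the `ns` prefix, a value with an empty path would pass here and reach `addUserNS` in pkg/spec/spec.go, where an empty path means a new user namespace rather than a join. Rejecting that case at parse time keeps the failure next to the flag: `if cc.IsNS(string(usernsMode)) && cc.NS(string(usernsMode)) == "" { return nil, errors.Errorf("--userns %q has no namespace path", c.String("userns")) }`. parseCreateOpts starts and ends outside the hunk.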
@@ -326,6 +326,14 @@ func addPidNS(config *CreateConfig, g *generate.Generator) error {
 }
 func addUserNS(config *CreateConfig, g *generate.Generator) error {
+ if IsNS(string(config.UsernsMode)) {
+ g.AddOrReplaceLinuxNamespace(spec.UserNamespace, NS(string(config.UsernsMode)))
+
+ // runc complains if no mapping is specified, even if we join another ns. So provide a dummy mapping
+ g.AddLinuxUIDMapping(uint32(0), uint32(0), uint32(1))
+ g.AddLinuxGIDMapping(uint32(0), uint32(0), uint32(1))
+ }
+
 if (len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0) && !config.UsernsMode.IsHost() {
 g.AddOrReplaceLinuxNamespace(spec.UserNamespace, "")
 } |
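Review bot: The new `IsNS` branch in addUserNS falls through to the existing ID-mapping check, which is not guarded against the `ns` mode. When that mode is combined with UID/GID maps, `IsHost()` is presumably false, so `g.AddOrReplaceLinuxNamespace(spec.UserNamespace, "")` replaces the path just set and the container gets a fresh user namespace instead of the requested one, without an error. Either reject that combination during option parsing or add `&& !IsNS(string(config.UsernsMode))` to the second condition. The dummy 0:0:1 mapping also deserves a comment stating whether the runtime ignores it when a namespace path is set, since in the generated spec it reads as container root mapped to host root. The rest of addUserNS lies outside the hunk.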