-rw-r--r--cmd/podman/images/build.go2
-rw-r--r--docs/source/markdown/podman-create.1.md3
-rw-r--r--docs/source/markdown/podman-run.1.md4
-rw-r--r--pkg/specgen/generate/namespaces.go10
-rw-r--r--test/e2e/build_test.go15
-rw-r--r--test/e2e/create_test.go13
6 files changed, 44 insertions, 3 deletions
diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go
index 606c18aae..6fc73eb64 100644
--- a/cmd/podman/images/build.go
+++ b/cmd/podman/images/build.go
@@ -257,6 +257,7 @@ func build(cmd *cobra.Command, args []string) error {
return errors.Wrapf(err, "error determining path to file %q", containerFiles[i])
}
contextDir = filepath.Dir(absFile)
+ containerFiles[i] = absFile
break
}
}
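Review bot: The added `containerFiles[i] = absFile` sits directly before `break`, so only the entry that fixes `contextDir` is made absolute; any other `-f` entries in `containerFiles` would still be passed on as given and resolved against whatever directory the build backend uses. If that is intended, a comment such as `// pass the absolute path so the Containerfile is not resolved against a different working directory` would record why. Otherwise the remaining entries should be normalised the same way, so the file that gets built is always the one the user named. The loop and the rest of build() lie outside the hunk, so this is inferred from the visible lines only.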
@@ -289,7 +290,6 @@ func build(cmd *cobra.Command, args []string) error {
if err != nil {
return err
}
-
report, err := registry.ImageEngine().Build(registry.GetContext(), containerFiles, *apiBuildOpts)
if err != nil {
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index e3647b194..dd79a8d74 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -365,6 +365,8 @@ GID map for the user namespace. Using this flag will run the container with user
The following example maps uids 0-2000 in the container to the uids 30000-31999 on the host and gids 0-2000 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000`
+Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
+
#### **--group-add**=*group|keep-groups*
Add additional groups to assign to primary user running within the container process.
@@ -1166,6 +1168,7 @@ Even if a user does not have any subordinate UIDs in _/etc/subuid_,
**--uidmap** could still be used to map the normal UID of the user to a
container UID by running `podman create --uidmap $container_uid:0:1 --user $container_uid ...`.
+Note: the **--uidmap** flag cannot be called in conjunction with the **--pod** flag as a uidmap cannot be set on the container level when in a pod.
#### **--ulimit**=*option*
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index b98e563ef..80652fcdf 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -407,6 +407,8 @@ Meaning **groupname** is initially mapped to gid **100000** which is referenced
above: The group **groupname** is mapped to group **100000** of the initial namespace then the
**30000**st id of this namespace (which is gid 130000 in this namespace) is mapped to container namespace group id **0**. (groupname -> 100000 / 30000 -> 0)
+Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
+
#### **--group-add**=*group|keep-groups*
Add additional groups to assign to primary user running within the container process.
@@ -1241,6 +1243,8 @@ Even if a user does not have any subordinate UIDs in _/etc/subuid_,
**--uidmap** could still be used to map the normal UID of the user to a
container UID by running `podman run --uidmap $container_uid:0:1 --user $container_uid ...`.
+Note: the **--uidmap** flag cannot be called in conjunction with the **--pod** flag as a uidmap cannot be set on the container level when in a pod.
+
#### **--ulimit**=*option*
Ulimit options. You can use **host** to copy the current configuration from the host.
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index b04cf30f5..760fbe2b9 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -193,8 +193,14 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
// This wipes the UserNS settings that get set from the infra container
// when we are inheritting from the pod. So only apply this if the container
// is not being created in a pod.
- if s.IDMappings != nil && pod == nil {
- toReturn = append(toReturn, libpod.WithIDMappings(*s.IDMappings))
+ if s.IDMappings != nil {
+ if pod == nil {
+ toReturn = append(toReturn, libpod.WithIDMappings(*s.IDMappings))
+ } else {
+ if pod.HasInfraContainer() && (len(s.IDMappings.UIDMap) > 0 || len(s.IDMappings.GIDMap) > 0) {
+ return nil, errors.Wrapf(define.ErrInvalidArg, "cannot specify a new uid/gid map when entering a pod with an infra container")
+ }
+ }
}
if s.User != "" {
toReturn = append(toReturn, libpod.WithUser(s.User))
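Review bot: When `pod != nil` but `pod.HasInfraContainer()` is false, the new branch neither applies `s.IDMappings` nor returns an error, so a `--uidmap`/`--gidmap` given for such a pod appears to be dropped silently and the container would start without the user-namespace mapping the caller asked for. The man-page text added in this same commit says the flags cannot be combined with `--pod` at all, which is stricter than this check. Either reject that case too, or extend the comment above to say why the no-infra case may fall through. As a style point, the nested `else { if … }` can be written `} else if pod.HasInfraContainer() && (…) {`, and `errors.Wrapf` with no format arguments can be `errors.Wrap`. namespaceOptions starts and ends outside the hunk.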
diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go
index d4f0a2b04..c05dc6f3f 100644
--- a/test/e2e/build_test.go
+++ b/test/e2e/build_test.go
@@ -691,4 +691,19 @@ RUN ls /dev/test1`, ALPINE)
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
})
+
+ It("podman build use absolute path even if given relative", func() {
+ containerFile := fmt.Sprintf(`FROM %s`, ALPINE)
+ err = os.Mkdir("relative", 0755)
+ Expect(err).To(BeNil())
+ containerFilePath := filepath.Join("relative", "Containerfile")
+ fmt.Println(containerFilePath)
+ err = ioutil.WriteFile(containerFilePath, []byte(containerFile), 0755)
+ Expect(err).To(BeNil())
+ build := podmanTest.Podman([]string{"build", "-f", "./relative/Containerfile"})
+ build.WaitWithDefaultTimeout()
+ Expect(build).To(Exit(0))
+ err = os.RemoveAll("relative")
+ Expect(err).To(BeNil())
+ })
})
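Review bot: The `relative` directory is created in the process working directory and removed only on the last lines of the test, so a failed `Expect` before that leaves it behind and the next run fails at `os.Mkdir`; put `defer os.RemoveAll("relative")` right after the Mkdir check. The `fmt.Println(containerFilePath)` looks like leftover debugging, and the Containerfile is written with `0755` where `0644` is enough for a file that is only read. The test asserts only `Exit(0)`, so it does not show that the absolute path is what reached the build.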
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index 9126303cd..a482c0068 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -693,4 +693,17 @@ var _ = Describe("Podman create", func() {
Expect(idata[0].Os).To(Equal(runtime.GOOS))
Expect(idata[0].Architecture).To(Equal("arm64"))
})
+
+ It("podman create --uid/gidmap --pod conflict test", func() {
+ create := podmanTest.Podman([]string{"create", "--uidmap", "0:1000:1000", "--pod", "new:testing123", ALPINE})
+ create.WaitWithDefaultTimeout()
+ Expect(create).ShouldNot(Exit(0))
+ Expect(create.ErrorToString()).To(ContainSubstring("cannot specify a new uid/gid map when entering a pod with an infra container"))
+
+ create = podmanTest.Podman([]string{"create", "--gidmap", "0:1000:1000", "--pod", "new:testing1234", ALPINE})
+ create.WaitWithDefaultTimeout()
+ Expect(create).ShouldNot(Exit(0))
+ Expect(create.ErrorToString()).To(ContainSubstring("cannot specify a new uid/gid map when entering a pod with an infra container"))
+
+ })
})
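Review bot: Both cases use `--pod new:…`, which as far as I can tell creates a pod with an infra container, so only the rejecting branch is exercised. A pod created with `--infra=false`, where the namespaces.go change neither applies the map nor returns an error, has no test, and neither does joining an already existing pod. Adding a case that pins the intended result for the no-infra pod (error or accepted) would keep that path from changing unnoticed. If the pod is created before the check runs, it may also be worth asserting that `testing123` and `testing1234` are not left behind after the failed create; the hunk does not show which happens first.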