summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
Diffstat (limited to 'cmd')
-rw-r--r--cmd/podman/common/create.go2
-rw-r--r--cmd/podman/containers/create.go19
2 files changed, 20 insertions, 1 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index da391d30d..d496ae308 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -277,7 +277,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *ContainerCLIOpts) {
createFlags.StringSliceVar(
&cf.GroupAdd,
groupAddFlagName, []string{},
- "Add additional groups to join",
+ "Add additional groups to the primary container process. 'keep-groups' allows container processes to use suplementary groups.",
)
_ = cmd.RegisterFlagCompletionFunc(groupAddFlagName, completion.AutocompleteNone)
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 507e9c221..3f495e19b 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -193,6 +193,25 @@ func createInit(c *cobra.Command) error {
val := c.Flag("entrypoint").Value.String()
cliVals.Entrypoint = &val
}
+
+ if c.Flags().Changed("group-add") {
+ groups := []string{}
+ for _, g := range cliVals.GroupAdd {
+ if g == "keep-groups" {
+ if len(cliVals.GroupAdd) > 1 {
+ return errors.New("the '--group-add keep-groups' option is not allowed with any other --group-add options")
+ }
+ if registry.IsRemote() {
+ return errors.New("the '--group-add keep-groups' option is not supported in remote mode")
+ }
+ cliVals.Annotation = append(cliVals.Annotation, "run.oci.keep_original_groups=1")
+ } else {
+ groups = append(groups, g)
+ }
+ }
+ cliVals.GroupAdd = groups
+ }
+
if c.Flags().Changed("pids-limit") {
val := c.Flag("pids-limit").Value.String()
pidsLimit, err := strconv.ParseInt(val, 10, 32)