Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/podman/common/create.go | 2 | ||||
-rw-r--r-- | cmd/podman/containers/create.go | 19 |
2 files changed, 20 insertions, 1 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index da391d30d..d496ae308 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -277,7 +277,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *ContainerCLIOpts) {
 createFlags.StringSliceVar(
 &cf.GroupAdd,
 groupAddFlagName, []string{},
- "Add additional groups to join",
+ "Add additional groups to the primary container process. 'keep-groups' allows container processes to use suplementary groups.",
 )
 _ = cmd.RegisterFlagCompletionFunc(groupAddFlagName, completion.AutocompleteNone)

diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 507e9c221..3f495e19b 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -193,6 +193,25 @@ func createInit(c *cobra.Command) error {
 val := c.Flag("entrypoint").Value.String()
 cliVals.Entrypoint = &val
 }
+
+ if c.Flags().Changed("group-add") {
+ groups := []string{}
+ for _, g := range cliVals.GroupAdd {
+ if g == "keep-groups" {
+ if len(cliVals.GroupAdd) > 1 {
+ return errors.New("the '--group-add keep-groups' option is not allowed with any other --group-add options")
+ }
+ if registry.IsRemote() {
+ return errors.New("the '--group-add keep-groups' option is not supported in remote mode")
+ }
+ cliVals.Annotation = append(cliVals.Annotation, "run.oci.keep_original_groups=1")
+ } else {
+ groups = append(groups, g)
+ }
+ }
+ cliVals.GroupAdd = groups
+ }
+
 if c.Flags().Changed("pids-limit") {
 val := c.Flag("pids-limit").Value.String()
 pidsLimit, err := strconv.ParseInt(val, 10, 32) |
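Review bot: The new help string in the first hunk misspells "supplementary" as `suplementary`; this text is shown to users by `--help`, so it should end `allows container processes to use supplementary groups.` The sentence also does not say whose groups are kept (presumably those of the user launching podman), which is the security-relevant part of the option and worth stating. DefineCreateFlags begins and ends outside the hunk.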
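Review bot: The exclusivity and remote-mode checks for `keep-groups` in the second hunk run only when the value arrives through `--group-add`, while the effect itself is carried by the `run.oci.keep_original_groups=1` annotation appended to `cliVals.Annotation`. If that annotation can also be set directly by the user (not visible in this hunk), neither check applies to it, so the restriction is better enforced where the annotation is consumed. The branch also needs a comment stating the trade-off, for example `// keep-groups: the container process retains the caller's supplementary groups, widening its group-based file access; refused remotely, where the groups would presumably be the service's`. The literals `"keep-groups"` and the annotation string would read better as named constants, and the `run.oci.` prefix suggests the annotation is runtime-specific, so a runtime that ignores it would presumably drop the groups without any error. createInit begins and ends outside the hunk.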