diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/config/default.go | 17 | ||||
| -rw-r--r-- | libpod/kube.go | 9 | ||||
| -rw-r--r-- | libpod/oci_attach_linux.go | 2 |
3 files changed, 23 insertions, 5 deletions
diff --git a/libpod/config/default.go b/libpod/config/default.go index 17574c059..5decaeab7 100644 --- a/libpod/config/default.go +++ b/libpod/config/default.go @@ -6,6 +6,7 @@ import ( "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/events" + "github.com/containers/libpod/pkg/cgroups" "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/util" "github.com/containers/storage" @@ -47,6 +48,12 @@ func defaultConfigFromMemory() (*Config, error) { c.ImageDefaultTransport = _defaultTransport c.StateType = define.BoltDBStateStore c.OCIRuntime = "runc" + + // If we're running on cgroups v2, default to using crun. + if onCgroupsv2, _ := cgroups.IsCgroup2UnifiedMode(); onCgroupsv2 { + c.OCIRuntime = "crun" + } + c.OCIRuntimes = map[string][]string{ "runc": { "/usr/bin/runc", @@ -58,7 +65,15 @@ func defaultConfigFromMemory() (*Config, error) { "/usr/lib/cri-o-runc/sbin/runc", "/run/current-system/sw/bin/runc", }, - // TODO - should we add "crun" defaults here as well? + "crun": { + "/usr/bin/crun", + "/usr/sbin/crun", + "/usr/local/bin/crun", + "/usr/local/sbin/crun", + "/sbin/crun", + "/bin/crun", + "/run/current-system/sw/bin/crun", + }, } c.ConmonPath = []string{ "/usr/libexec/podman/conmon", diff --git a/libpod/kube.go b/libpod/kube.go index d0e7baf95..47a77991e 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -487,13 +487,16 @@ func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, error) { if err := c.syncContainer(); err != nil { return nil, errors.Wrapf(err, "unable to sync container during YAML generation") } + logrus.Debugf("Looking in container for user: %s", c.User()) - u, err := lookup.GetUser(c.state.Mountpoint, c.User()) + execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, c.User(), nil) if err != nil { return nil, err } - user := int64(u.Uid) - sc.RunAsUser = &user + uid := int64(execUser.Uid) + gid := int64(execUser.Gid) + sc.RunAsUser = &uid + sc.RunAsGroup = &gid } return &sc, nil } diff --git a/libpod/oci_attach_linux.go b/libpod/oci_attach_linux.go index eeaee6d43..46c70e7eb 100644 --- a/libpod/oci_attach_linux.go +++ b/libpod/oci_attach_linux.go @@ -152,7 +152,7 @@ func (c *Container) attachToExec(streams *AttachStreams, keys string, resize <-c func processDetachKeys(keys string) ([]byte, error) { // Check the validity of the provided keys first if len(keys) == 0 { - keys = define.DefaultDetachKeys + return []byte{}, nil } detachKeys, err := term.ToBytes(keys) if err != nil { |