| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
| |
change the tests to use chroot to set a numeric UID/GID.
Go syscall.Credential doesn't change the effective UID/GID of the
process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
| |
Closes: #1206
Approved by: giuseppe
|
|
|
|
|
|
| |
Closes: https://github.com/projectatomic/libpod/issues/1189
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
rootless: unshare mount namespace
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
unshare the mount namespace as well when creating an user namespace so
that we are the owner of the mount namespace and we can mount FUSE
file systems on Linux 4.18. Tested on Fedora Rawhide:
podman --storage-opt overlay.fuse_program=/usr/bin/fuse-overlayfs run alpine echo hello
hello
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
use execvp instead of exec so that we keep the PATH environment
variable and the lookup for the "podman" executable works.
Closes: https://github.com/projectatomic/libpod/issues/1070
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1072
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
After we re-exec in the userNS os.Getuid() returns the new UID (= 0)
which is not what we want to use.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1048
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Additional groups are not allowed in an userNS.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #936
Approved by: rhatdan
|
|
When running podman as non root user always create an userNS and let
the OCI runtime use it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #936
Approved by: rhatdan
|