From 80c0fceb24b70a85f3f2ca8be29f4a131c0881d4 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Wed, 13 Apr 2022 14:06:05 -0400
Subject: Add support for --userns=nomap

From a security point of view, it would be nice to be able to map a
rootless usernamespace that does not use your own UID within the
container.

This would add protection against a hostile process escapping the
container and reading content in your homedir.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 cmd/podman/common/completion.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'cmd/podman')

diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go
index 3d36162ee..abb943942 100644
--- a/cmd/podman/common/completion.go
+++ b/cmd/podman/common/completion.go
@@ -756,7 +756,7 @@ func AutocompleteNamespace(cmd *cobra.Command, args []string, toComplete string)
 // -> same as AutocompleteNamespace with "auto", "keep-id" added
 func AutocompleteUserNamespace(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	results, directive := AutocompleteNamespace(cmd, args, toComplete)
-	results = append(results, "auto", "keep-id")
+	results = append(results, "auto", "keep-id", "nomap")
 	return results, directive
 }
 
-- 
cgit v1.2.3-54-g00ecf