From 1c73404fe142e7ac09200ea26945dddff8f44431 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Wed, 19 Sep 2018 10:12:36 +0200
Subject: create, rootless: join the userns of container:CONTAINER so that we can also join the requested namespace.
Closes: https://github.com/containers/libpod/issues/1453
Signed-off-by: Giuseppe Scrivano
Closes: #1507
Approved by: rhatdan
---
 cmd/podman/create.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'cmd/podman')
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 6842a9f77..134752f88 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -802,6 +802,11 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 return config, nil
 }

+type namespace interface {
+ IsContainer() bool
+ Container() string
+}
+
 func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *libpod.Runtime) (bool, int, error) {
 if os.Geteuid() == 0 {
 return false, 0, nil
@@ -833,5 +838,19 @@ func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *l
 }
 }

+ namespaces := []namespace{createConfig.IpcMode, createConfig.NetMode, createConfig.UsernsMode, createConfig.PidMode, createConfig.UtsMode}
+ for _, i := range namespaces {
+ if i.IsContainer() {
+ ctr, err := runtime.LookupContainer(i.Container())
+ if err != nil {
+ return false, -1, err
+ }
+ pid, err := ctr.PID()
+ if err != nil {
+ return false, -1, err
+ }
+ return rootless.JoinNS(uint(pid))
+ }
+ }
 return rootless.BecomeRootInUserNS()
 }
-- cgit v1.2.3-54-g00ecf
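Review bot: The `namespace` interface added in the first hunk has no comment saying which types are expected to satisfy it or why only these two methods are needed. A line such as `// namespace is the subset of the CreateConfig namespace-mode types needed to detect a container:NAME reference.` above the declaration would cover that. The name is also quite generic for a package-level type in cmd/podman; one closer to its single use would be easier to search for.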
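Review bot: The PID from `ctr.PID()` goes straight into `rootless.JoinNS(uint(pid))` with no check that it is positive, in the loop added before the final `return` of joinOrCreateRootlessUserNamespace (whose body starts outside this hunk). If PID() can return 0 with a nil error for a container that is not running (its implementation is not visible here), the join targets a process that does not exist, and a negative value would wrap in the `uint` conversion; a guard such as `if pid <= 0 { return false, -1, fmt.Errorf("container %s is not running", i.Container()) }`, using whichever error helper the file already imports, fails early with a message that names the container. The loop also returns on the first mode that references a container, so a configuration naming two different containers joins only the first one's user namespace; rejecting that case, or a comment stating the assumption, would make the behaviour explicit. The loop variable `i` holds a namespace mode rather than an index, and a name like `mode` would read more clearly.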