From 88f1994ab9a0bf3a8df3c8f74a39cd1db27c2070 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 24 Apr 2020 15:37:31 +0200 Subject: podman: assume user namespace if there are mappings if some mappings are specified, assume there is a private user namespace. Signed-off-by: Giuseppe Scrivano --- cmd/podman/common/specgen.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'cmd') diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index ce91e0b2e..ed45a6595 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -209,10 +209,15 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string } } - s.IDMappings, err = util.ParseIDMapping(ns.UsernsMode(c.UserNS), c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName) + userNS := ns.UsernsMode(c.UserNS) + s.IDMappings, err = util.ParseIDMapping(userNS, c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName) if err != nil { return err } + // If some mappings are specified, assume a private user namespace + if userNS.IsDefaultValue() && (!s.IDMappings.HostUIDMapping || !s.IDMappings.HostGIDMapping) { + s.UserNS.NSMode = specgen.Private + } s.Terminal = c.TTY ep, err := ExposedPorts(c.Expose, c.Net.PublishPorts, c.PublishAll, nil) -- cgit v1.2.3-54-g00ecf