From 0e36e65eaa1bab89b5d0a7a66253338e723429c5 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Sun, 7 Mar 2021 06:11:54 -0500
Subject: Allow users to generate a kubernetes yaml off non running containers

Currently if you attempt to create a kube.yaml file off of a non running
container where the container runs as a specific User, the creation
fails because the storage container is not mounted. Podman is supposed to
read the /etc/passwd entry inside of the container but since the
container is not mounted, the c.State.Mountpoint == "".  Podman
incorrectly attempts to read /etc/passwd on the host, and fails if the
specified user is not in the host's /etc/passwd.

This PR mounts the storage container, if it was not mounted so the read
succeeds.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 libpod/kube.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'libpod')

diff --git a/libpod/kube.go b/libpod/kube.go
index 0c4f9f0a0..6feb69fea 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -676,8 +676,18 @@ func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, error) {
 			return nil, errors.Wrapf(err, "unable to sync container during YAML generation")
 		}
 
+		mountpoint := c.state.Mountpoint
+		if mountpoint == "" {
+			var err error
+			mountpoint, err = c.mount()
+			if err != nil {
+				return nil, errors.Wrapf(err, "failed to mount %s mountpoint", c.ID())
+			}
+			defer c.unmount(false)
+		}
 		logrus.Debugf("Looking in container for user: %s", c.User())
-		execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, c.User(), nil)
+
+		execUser, err := lookup.GetUserGroupInfo(mountpoint, c.User(), nil)
 		if err != nil {
 			return nil, err
 		}
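Review bot: The deferred `c.unmount(false)` discards its return value, so a failed unmount after the lookup leaves the container's storage mounted with nothing logged. Wrapping it in a deferred closure that reports the error through the `logrus` logger already used in this hunk would make that visible. Because the commit message says an empty mountpoint made the lookup read the host's /etc/passwd, it is also worth rejecting an empty string returned by `c.mount()` before it reaches `lookup.GetUserGroupInfo`, so the user is never resolved against host files. The function starts and ends outside the hunk, so whether the container lock is held around the mount cannot be confirmed from here.

```go
			mountpoint, err = c.mount()
			// … unchanged: mount error check …
			defer func() {
				if err := c.unmount(false); err != nil {
					logrus.Errorf("Failed to unmount container %s: %v", c.ID(), err)
				}
			}()
			if mountpoint == "" {
				return nil, errors.Errorf("container %s has no mountpoint after mount", c.ID())
			}
```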
-- 
cgit v1.2.3-54-g00ecf