From 20ce6e5c6031bd4180514ec412760a294f8a83a2 Mon Sep 17 00:00:00 2001
From: cdoern <cdoern@redhat.com>
Date: Mon, 20 Dec 2021 10:23:08 -0500
Subject: Podman run --passwd

added support for a new flag --passwd which, when false prohibits podman from creating entries in
/etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint

resolves #11805

Signed-off-by: cdoern <cdoern@redhat.com>
---
 pkg/api/handlers/libpod/containers_create.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'pkg/api/handlers/libpod')

diff --git a/pkg/api/handlers/libpod/containers_create.go b/pkg/api/handlers/libpod/containers_create.go
index 77bfe7b50..d1841769a 100644
--- a/pkg/api/handlers/libpod/containers_create.go
+++ b/pkg/api/handlers/libpod/containers_create.go
@@ -19,11 +19,15 @@ import (
 func CreateContainer(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
 	var sg specgen.SpecGenerator
+
 	if err := json.NewDecoder(r.Body).Decode(&sg); err != nil {
 		utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()"))
 		return
 	}
-
+	if sg.Passwd == nil {
+		t := true
+		sg.Passwd = &t
+	}
 	warn, err := generate.CompleteSpec(r.Context(), runtime, &sg)
 	if err != nil {
 		utils.InternalServerError(w, err)
-- 
cgit v1.2.3-54-g00ecf