From 0774a4ce131754b282443e85cc77c308123ef9c0 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 6 May 2022 20:35:17 +0200
Subject: kube: add support for --userns=

add support to override the user namespace to use for the pod.

Closes: https://github.com/containers/podman/issues/7504

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/specgen/generate/kube/kube.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'pkg/specgen/generate/kube/kube.go')

diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 04195d15a..e4c149abf 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -120,6 +120,8 @@ type CtrSpecGenOptions struct {
 	RestartPolicy string
 	// NetNSIsHost tells the container to use the host netns
 	NetNSIsHost bool
+	// UserNSIsHost tells the container to use the host userns
+	UserNSIsHost bool
 	// SecretManager to access the secrets
 	SecretsManager *secrets.SecretsManager
 	// LogDriver which should be used for the container
@@ -389,8 +391,9 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 	if opts.NetNSIsHost {
 		s.NetNS.NSMode = specgen.Host
 	}
-	// Always set the userns to host since k8s doesn't have support for userns yet
-	s.UserNS.NSMode = specgen.Host
+	if opts.UserNSIsHost {
+		s.UserNS.NSMode = specgen.Host
+	}
 
 	// Add labels that come from kube
 	if len(s.Labels) == 0 {
-- 
cgit v1.2.3-54-g00ecf