From 64d8b4eebb01c6647b0588475c785cdd075389d3 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 24 Apr 2020 14:54:43 +0200
Subject: podman: implement userns=keep-id
add missing implementation for userns=keep-id and enable the user namespaces tests.
Signed-off-by: Giuseppe Scrivano
---
 test/e2e/run_userns_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'test/e2e')
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index a4e99ab71..d4b4f9024 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
@@ -22,7 +22,6 @@ var _ = Describe("Podman UserNS support", func() {
 )
 BeforeEach(func() {
- Skip(v2fail)
 if os.Getenv("SKIP_USERNS") != "" {
 Skip("Skip userns tests.")
 }
@@ -219,6 +218,7 @@ var _ = Describe("Podman UserNS support", func() {
 })
 It("podman --userns=container:CTR", func() {
+ Skip(v2fail)
 ctrName := "userns-ctr"
 session := podmanTest.Podman([]string{"run", "-d", "--uidmap=0:0:1", "--uidmap=1:1:4998", "--name", ctrName, "alpine", "top"})
 session.WaitWithDefaultTimeout()
--
cgit v1.2.3-54-g00ecf
From 88f1994ab9a0bf3a8df3c8f74a39cd1db27c2070 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 24 Apr 2020 15:37:31 +0200
Subject: podman: assume user namespace if there are mappings
if some mappings are specified, assume there is a private user namespace.
Signed-off-by: Giuseppe Scrivano
---
 cmd/podman/common/specgen.go | 7 ++++++-
 pkg/namespaces/namespaces.go | 7 ++++++-
 test/e2e/run_userns_test.go | 1 -
 3 files changed, 12 insertions(+), 3 deletions(-)
(limited to 'test/e2e')
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index ce91e0b2e..ed45a6595 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -209,10 +209,15 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 }
 }
- s.IDMappings, err = util.ParseIDMapping(ns.UsernsMode(c.UserNS), c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName)
+ userNS := ns.UsernsMode(c.UserNS)
+ s.IDMappings, err = util.ParseIDMapping(userNS, c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName)
 if err != nil {
 return err
 }
+ // If some mappings are specified, assume a private user namespace
+ if userNS.IsDefaultValue() && (!s.IDMappings.HostUIDMapping || !s.IDMappings.HostGIDMapping) {
+ s.UserNS.NSMode = specgen.Private
+ }
 s.Terminal = c.TTY
 ep, err := ExposedPorts(c.Expose, c.Net.PublishPorts, c.PublishAll, nil)
diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go
index 2cb3c3f20..2ffbde977 100644
--- a/pkg/namespaces/namespaces.go
+++ b/pkg/namespaces/namespaces.go
@@ -31,7 +31,7 @@ func (n CgroupMode) IsHost() bool {
 // IsDefaultValue indicates whether the cgroup namespace has the default value.
 func (n CgroupMode) IsDefaultValue() bool {
- return n == ""
+ return n == "" || n == defaultType
 }
 // IsNS indicates a cgroup namespace passed in by path (ns:)
@@ -102,6 +102,11 @@ func (n UsernsMode) IsAuto() bool {
 return parts[0] == "auto"
 }
+// IsDefaultValue indicates whether the user namespace has the default value.
+func (n UsernsMode) IsDefaultValue() bool {
+ return n == "" || n == defaultType
+}
+
 // GetAutoOptions returns a AutoUserNsOptions with the settings to setup automatically
 // a user namespace.
 func (n UsernsMode) GetAutoOptions() (*storage.AutoUserNsOptions, error) {
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index d4b4f9024..25f12ec2e 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
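Review bot: The fallback to `specgen.Private` in FillOutSpecGen is guarded by `userNS.IsDefaultValue()`, so an explicit non-private mode combined with `--uidmap`/`--gidmap` (for example `--userns=host`) skips it and `s.UserNS.NSMode` keeps whatever was assigned earlier. Unless that combination is rejected somewhere outside this hunk, the parsed `s.IDMappings` and the namespace mode can disagree, and an operator who asked for ID mappings may not get the isolation they expect. I would make the conflict explicit by returning an error when `userNS.IsHost()` is true and either `HostUIDMapping` or `HostGIDMapping` is false, and widen the comment to `// Mappings given without --userns imply a private user namespace; an explicit --userns value is never overridden here`. The function body starts and ends outside the hunk, so the earlier assignment of `s.UserNS` could not be checked.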
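Review bot: `CgroupMode.IsDefaultValue` now also returns true for `defaultType`, which changes behaviour for every cgroup-namespace caller even though the commit message only talks about user namespaces; the same comparison is introduced for `UsernsMode.IsDefaultValue` in the following hunk. `defaultType` is declared outside both hunks, so the doc comments should spell out the contract, e.g. `// IsDefaultValue reports whether the mode is unset ("") or the explicit default keyword (defaultType).` A small table test over `""`, the `defaultType` value and one non-default mode for both types would pin the predicate that the specgen code now relies on when deciding whether to create a private user namespace.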
@@ -218,7 +218,6 @@ var _ = Describe("Podman UserNS support", func() {
 })
 It("podman --userns=container:CTR", func() {
- Skip(v2fail)
 ctrName := "userns-ctr"
 session := podmanTest.Podman([]string{"run", "-d", "--uidmap=0:0:1", "--uidmap=1:1:4998", "--name", ctrName, "alpine", "top"})
 session.WaitWithDefaultTimeout()
--
cgit v1.2.3-54-g00ecf