opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-01 10:45:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

quadlet: Rework uid/gid remapping

Browse Source 
Quadlet was doing some custom handling of uid/gid remapping, originating
from pre --userns=auto support, including its own user for getting subuids
which kinda conflicts with the "container" user used for that.

This drops all the old support for id remapping in favour of a new set
of keys that more directly map to the podman run options.

We have essentially 3 modes now:

```
RemapUsers=manual
RemapUid=0:10000:10
RemapUid=10:20000:10
RemapGid=0:10000:10
RemapGid=10:20000:10
```

This maps to --uidmap and --gidmap options.

```
RemapUsers=auto
```

This maps to --userns=auto. But you can additionally specify RemapUid,
RemapGid and RemapUidSize which gets applied as options to the
--userns podman option.

```
RemapUsers=keep-id
```
This maps to --userns=keep-id and only works for user units.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
This commit is contained in:
Alexander Larsson
2022-11-21 17:12:37 +01:00
parent 3f76f29adb
commit 285d6c9ba0
17 changed files with 116 additions and 915 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
test/e2e/quadlet_test.go
View File

@ -280,8 +280,6 @@ var _ = Describe("quadlet system generator", func() {
Entry("name.container", "name.container"),
Entry("network.container", "network.container"),
Entry("noimage.container", "noimage.container"),
Entry("noremapuser2.container", "noremapuser2.container"),
Entry("noremapuser.container", "noremapuser.container"),
Entry("notify.container", "notify.container"),
Entry("other-sections.container", "other-sections.container"),
Entry("podmanargs.container", "podmanargs.container"),
@ -294,9 +292,9 @@ var _ = Describe("quadlet system generator", func() {
Entry("shortname.container", "shortname.container"),
Entry("timezone.container", "timezone.container"),
Entry("user.container", "user.container"),
Entry("user-host.container", "user-host.container"),
Entry("user-root1.container", "user-root1.container"),
Entry("user-root2.container", "user-root2.container"),
Entry("remap-manual.container", "remap-manual.container"),
Entry("remap-auto.container", "remap-auto.container"),
Entry("remap-auto2.container", "remap-auto2.container"),
Entry("volume.container", "volume.container"),
Entry("basic.volume", "basic.volume"),