opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-01 02:27:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

pkg/rootless: simplify reexec for container code

Browse Source 
The code currently tried to avoid joining the userns from conmon
directly and rather joined to only read the pid file and then send this
back to use so we could join the userns. From the comment this was done
because we could not read the pid file. However this is no longer true
as of commit 49eb5af301 and file is no always owned by the real user.

This means we can just remove this special logic and join the namespace
directly there. A test has been added to check the rejoin logic with a
custom uidmapping.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit is contained in:
Paul Holzinger
2024-07-05 16:20:28 +02:00
parent c276b28696
commit 3350cd3eed
7 changed files with 24 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
test/system/550-pause-process.bats
View File

@@ -119,7 +119,7 @@ function _check_pause_process() {
# First let's run a container in the background to keep the userns active
local cname1=c1_$(random_string)
run_podman run -d --name $cname1 $IMAGE top
run_podman run -d --name $cname1 --uidmap 0:100:100 $IMAGE top
run_podman unshare readlink /proc/self/ns/user
userns="$output"
@@ -136,6 +136,9 @@ function _check_pause_process() {
_test_sigproxy $cname2 $kidpid
# check pause process again
_check_pause_process
# our container exits 0 so podman should too
wait $kidpid || die "podman run exited $? instead of zero"