Merge pull request #2186 from giuseppe/rootless-fix-pid-host

rootless: fix --pid=host without --privileged
2025-06-20 17:13:43 +08:00 · 2019-01-18 19:29:50 +01:00
parent 27de1c19e9 8156f8c694
commit 37002ad549
2 changed files with 8 additions and 0 deletions
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@ -376,6 +376,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 }

 func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
+	if config.PidMode.IsHost() && rootless.IsRootless() {
+		return
+	}
+
 	if !config.Privileged {
 		for _, mp := range []string{
 			"/proc/acpi",
--- a/test/e2e/rootless_test.go
+++ b/test/e2e/rootless_test.go
@ -276,6 +276,10 @@ var _ = Describe("Podman rootless", func() {
 		runRootlessHelper([]string{"--net", "host"})
 	})

+	It("podman rootless rootfs --pid host", func() {
+		runRootlessHelper([]string{"--pid", "host"})
+	})
+
 	It("podman rootless rootfs --privileged", func() {
 		runRootlessHelper([]string{"--privileged"})
 	})