opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-23 10:38:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

libpod: specify mappings to the storage

Browse Source 
specify the mappings in the container configuration to the storage
when creating the container so that the correct mappings can be
configured.

Regression introduced with Podman 2.0.

Closes: https://github.com/containers/libpod/issues/6735

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2020-06-24 11:25:47 +02:00
parent 5fe122bf52
commit 370195cf78
2 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
libpod/container_internal.go
View File

@ -22,6 +22,7 @@ import (
"github.com/containers/libpod/pkg/selinux"
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/mount"
securejoin "github.com/cyphar/filepath-securejoin"
spec "github.com/opencontainers/runtime-spec/specs-go"
@ -360,6 +361,25 @@ func (c *Container) setupStorageMapping(dest, from *storage.IDMappingOptions) {
}
dest.AutoUserNsOpts.InitialSize = initialSize + 1
}
} else if c.config.Spec.Linux != nil {
dest.UIDMap = nil
for _, r := range c.config.Spec.Linux.UIDMappings {
u := idtools.IDMap{
ContainerID: int(r.ContainerID),
HostID: int(r.HostID),
Size: int(r.Size),
}
dest.UIDMap = append(dest.UIDMap, u)
}
dest.GIDMap = nil
for _, r := range c.config.Spec.Linux.GIDMappings {
g := idtools.IDMap{
ContainerID: int(r.ContainerID),
HostID: int(r.HostID),
Size: int(r.Size),
}
dest.GIDMap = append(dest.GIDMap, g)
}
}
}

7
test/e2e/run_userns_test.go
View File

@ -89,6 +89,13 @@ var _ = Describe("Podman UserNS support", func() {
Expect(ok).To(BeTrue())
})
It("podman --userns=keep-id root owns /usr", func() {
session := podmanTest.Podman([]string{"run", "--userns=keep-id", "alpine", "stat", "-c%u", "/usr"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Equal("0"))
})
It("podman --userns=keep-id --user root:root", func() {
session := podmanTest.Podman([]string{"run", "--userns=keep-id", "--user", "root:root", "alpine", "id", "-u"})
session.WaitWithDefaultTimeout()