In podman 1.* regression on --cap-add

In podman 1.0 if you executed a command like: podman run --user dwalsh --cap-add net_bind_service alpine nc -l 80 It would work, and the user dwalsh would get the capability, in podman 2.0, only root and the binding set gets the capability. This change restores us back to the way podman 1.0 worked. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-11-01 02:42:11 +08:00 · 2020-08-17 06:28:45 -04:00
parent 516196f096
commit 3848cac860
51 changed files with 630 additions and 332 deletions
--- a/vendor/github.com/containers/common/pkg/config/config_local.go
+++ b/vendor/github.com/containers/common/pkg/config/config_local.go
@ -7,6 +7,7 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
+	"strings"
 	"syscall"

 	units "github.com/docker/go-units"
@ -81,12 +82,24 @@ func (c *ContainersConfig) validateTZ() error {
 	if c.TZ == "local" {
 		return nil
 	}
-	zonePath := filepath.Join("/usr/share/zoneinfo", c.TZ)
-	_, err := os.Stat(zonePath)
-	if err != nil {
-		return fmt.Errorf("Unrecognized timezone %s", zonePath)
+
+	lookupPaths := []string{
+		"/usr/share/zoneinfo",
+		"/etc/zoneinfo",
 	}
-	return nil
+
+	for _, paths := range lookupPaths {
+		zonePath := filepath.Join(paths, c.TZ)
+		if _, err := os.Stat(zonePath); err == nil {
+			// found zone information
+			return nil
+		}
+	}
+
+	return fmt.Errorf(
+		"unable to find timezone %s in paths: %s",
+		c.TZ, strings.Join(lookupPaths, ", "),
+	)
 }

 func (c *ContainersConfig) validateUmask() error {