From 3e6637a3b00dbf1fa6984d625922780c397521cf Mon Sep 17 00:00:00 2001 From: Kristian Klausen Date: Fri, 21 Oct 2022 16:12:01 +0200 Subject: [PATCH] volumes: Fix idmap not working for volumes idmap is documented as supported for volumes, but it was not added to the getNamedVolume() function. Fixes: e83d36665 ("volumes: add new option idmap") Signed-off-by: Kristian Klausen --- pkg/specgenutil/volumes.go | 6 ++++++ test/e2e/run_userns_test.go | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go index fe2216d80e..503d82177a 100644 --- a/pkg/specgenutil/volumes.go +++ b/pkg/specgenutil/volumes.go @@ -584,6 +584,12 @@ func getNamedVolume(args []string) (*specgen.NamedVolume, error) { } newVolume.Dest = unixPathClean(kv[1]) setDest = true + case "idmap": + if len(kv) > 1 { + newVolume.Options = append(newVolume.Options, fmt.Sprintf("idmap=%s", kv[1])) + } else { + newVolume.Options = append(newVolume.Options, "idmap") + } case "U", "chown": if setOwnership { return newVolume, fmt.Errorf("cannot pass 'U' or 'chown' option more than once: %w", errOptionArg) diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index c485f15222..07f00351bd 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -94,6 +94,16 @@ var _ = Describe("Podman UserNS support", func() { Expect(session.OutputToString()).To(ContainSubstring("hello")) }) + It("podman uidmapping and gidmapping with a idmapped volume", func() { + session := podmanTest.Podman([]string{"run", "--uidmap=0:1:500", "--gidmap=0:200:5000", "-v", "my-foo-volume:/foo:Z,idmap", "alpine", "echo", "hello"}) + session.WaitWithDefaultTimeout() + if strings.Contains(session.ErrorToString(), "Operation not permitted") { + Skip("not sufficiently privileged") + } + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(ContainSubstring("hello")) + }) + It("podman uidmapping and gidmapping --net=host", func() { session := podmanTest.Podman([]string{"run", "--net=host", "--uidmap=0:1:5000", "--gidmap=0:200:5000", "alpine", "echo", "hello"}) session.WaitWithDefaultTimeout()