opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-29 01:28:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: improve userns validation when joining pods

Browse Source 
- remove old CLI validation that only checked --pod flag
- add validation in namespaces.go to catch all paths (cli, quadlet, api)
- block userns mixing for all pods with infra, not just ipc/net
- update error message to be clearer
- fix test cleanup to use PodmanExitCleanly()
- use dynamic pod names in system tests to avoid conflicts

fixes #26848

Signed-off-by: 0xdvc <neilohene@gmail.com>
This commit is contained in:
0xdvc
2025-11-25 07:07:39 +00:00
parent 90a03ca080
commit 417430c451
5 changed files with 39 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/e2e/pod_create_test.go
View File

@@ -803,7 +803,7 @@ ENTRYPOINT ["sleep","99999"]
// fail if --pod and --userns set together
session = podmanTest.Podman([]string{"run", "--pod", podName, "--userns", "keep-id", ALPINE, "id", "-u"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitWithError(125, "--userns and --pod cannot be set together"))
Expect(session).Should(ExitWithError(125, "cannot set user namespace mode when joining pod with infra container"))
})
It("podman pod create with --userns=keep-id can add users", func() {