rootless: add management for the userNS

When running podman as non root user always create an userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
2025-12-09 23:27:09 +08:00 · 2018-06-11 16:03:34 +02:00
parent 8ee8f84734
commit 5ff90677c8
8 changed files with 303 additions and 20 deletions
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -11,6 +11,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/projectatomic/libpod/pkg/hooks"
 	_ "github.com/projectatomic/libpod/pkg/hooks/0.1.0"
+	"github.com/projectatomic/libpod/pkg/rootless"
 	"github.com/projectatomic/libpod/version"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
@@ -26,6 +27,15 @@ func main() {
 	debug := false
 	cpuProfile := false

+	became, err := rootless.BecomeRootInUserNS()
+	if err != nil {
+		logrus.Errorf(err.Error())
+		os.Exit(1)
+	}
+	if became {
+		os.Exit(0)
+	}
+
 	if reexec.Init() {
 		return
 	}