rootless: add management for the userNS

When running podman as non root user always create an userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
2025-06-25 03:52:15 +08:00 · 2018-06-11 16:03:34 +02:00
parent 8ee8f84734
commit 5ff90677c8
8 changed files with 303 additions and 20 deletions
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@ -16,6 +16,7 @@ import (
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/projectatomic/libpod/libpod"
+	"github.com/projectatomic/libpod/pkg/rootless"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
@ -360,7 +361,7 @@ func (c *CreateConfig) GetContainerCreateOptions() ([]libpod.CtrCreateOption, er
 	// does not have one
 	options = append(options, libpod.WithEntrypoint(c.Entrypoint))

-	if os.Getuid() != 0 {
+	if rootless.IsRootless() {
 		if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
 			options = append(options, libpod.WithNetNS(portBindings, true))
 		}