Merge pull request #17684 from giuseppe/version-no-userns

cmd: do not require userns for "version"
2025-06-25 20:26:51 +08:00 · 2023-03-03 16:56:05 +01:00
parent 3f0f558609 0498ce3a56
commit 76642d5ad3
5 changed files with 7 additions and 11 deletions
--- a/cmd/podman/images/scp.go
+++ b/cmd/podman/images/scp.go
@ -15,8 +15,7 @@ var (
 	imageScpCommand    = &cobra.Command{
 		Use: "scp [options] IMAGE [HOST::]",
 		Annotations: map[string]string{
-			registry.UnshareNSRequired: "",
-			registry.ParentNSRequired:  "",
+			registry.ParentNSRequired: "",
 		},
 		Long:              saveScpDescription,
 		Short:             "securely copy images",
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@ -76,18 +76,11 @@ func parseCommands() *cobra.Command {
 		// Command cannot be run rootless
 		_, found := c.Command.Annotations[registry.UnshareNSRequired]
 		if found {
-			if rootless.IsRootless() && os.Getuid() != 0 && c.Command.Name() != "scp" {
+			if rootless.IsRootless() && os.Getuid() != 0 {
 				c.Command.RunE = func(cmd *cobra.Command, args []string) error {
 					return fmt.Errorf("cannot run command %q in rootless mode, must execute `podman unshare` first", cmd.CommandPath())
 				}
 			}
-		} else {
-			_, found = c.Command.Annotations[registry.ParentNSRequired]
-			if rootless.IsRootless() && found && c.Command.Name() != "scp" {
-				c.Command.RunE = func(cmd *cobra.Command, args []string) error {
-					return fmt.Errorf("cannot run command %q in rootless mode", cmd.CommandPath())
-				}
-			}
 		}
 		addCommand(c)
 	}
--- a/cmd/podman/registry/config.go
+++ b/cmd/podman/registry/config.go
@ -17,7 +17,7 @@ const (
 	// NoMoveProcess used as cobra.Annotation when command doesn't need Podman to be moved to a separate cgroup
 	NoMoveProcess = "NoMoveProcess"

-	// ParentNSRequired used as cobra.Annotation when command requires root access
+	// ParentNSRequired used as cobra.Annotation when a command should not be run in the podman rootless user namespace, also requires updates in `pkg/rootless/rootless_linux.c` in function `can_use_shortcut()` to exclude the command name there.
 	ParentNSRequired = "ParentNSRequired"

 	// UnshareNSRequired used as cobra.Annotation when command requires modified user namespace
--- a/cmd/podman/system/version.go
+++ b/cmd/podman/system/version.go
@ -22,6 +22,9 @@ var (
 		Short:             "Display the Podman version information",
 		RunE:              version,
 		ValidArgsFunction: completion.AutocompleteNone,
+		Annotations: map[string]string{
+			registry.ParentNSRequired: "",
+		},
 	}
 	versionFormat string
 )
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@ -386,6 +386,7 @@ can_use_shortcut (char **argv)

      if (strcmp (argv[argc], "mount") == 0
          || strcmp (argv[argc], "machine") == 0
+          || strcmp (argv[argc], "version") == 0
          || strcmp (argv[argc], "context") == 0
          || strcmp (argv[argc], "search") == 0
          || (strcmp (argv[argc], "system") == 0 && argv[argc+1] && strcmp (argv[argc+1], "service") != 0))