Merge pull request #17174 from rhatdan/pod

Get correct username in pod when using --userns=keep-id
2025-06-22 18:08:11 +08:00 · 2023-01-24 16:23:45 -05:00
parent eef60ef288 c4aae9b47e
commit 8073e90ed5
3 changed files with 22 additions and 3 deletions
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@ -2465,6 +2465,10 @@ func (c *Container) generateUserPasswdEntry(addedUID int) (string, error) {
 		return entry, nil
 	}

+	u, err := user.LookupId(fmt.Sprintf("%d", uid))
+	if err == nil {
+		return fmt.Sprintf("%s:*:%d:%d:%s:%s:/bin/sh\n", u.Username, uid, gid, u.Name, c.WorkingDir()), nil
+	}
 	return fmt.Sprintf("%d:*:%d:%d:container user:%s:/bin/sh\n", uid, uid, gid, c.WorkingDir()), nil
 }

--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@ -711,12 +711,14 @@ ENTRYPOINT ["sleep","99999"]
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))

-		// container inside pod inherits user form infra container if --user is not set
-		// etc/passwd entry will look like 1000:*:1000:1000:container user:/:/bin/sh
+		u, err := user.Current()
+		Expect(err).ToNot(HaveOccurred())
+		// container inside pod inherits user from infra container if --user is not set
+		// etc/passwd entry will look like USERNAME:*:1000:1000:Full User Name:/:/bin/sh
 		exec1 := podmanTest.Podman([]string{"exec", ctrName, "cat", "/etc/passwd"})
 		exec1.WaitWithDefaultTimeout()
 		Expect(exec1).Should(Exit(0))
-		Expect(exec1.OutputToString()).To(ContainSubstring("container"))
+		Expect(exec1.OutputToString()).To(ContainSubstring(u.Name))

 		exec2 := podmanTest.Podman([]string{"exec", ctrName, "useradd", "testuser"})
 		exec2.WaitWithDefaultTimeout()
--- a/test/system/170-run-userns.bats
+++ b/test/system/170-run-userns.bats
@ -140,3 +140,16 @@ EOF
        is "${output}" "Error: keep-id is only supported in rootless mode" "Container should fail to start since keep-id is not supported in rootful mode"
    fi
 }
+
+@test "podman userns=keep-id in a pod" {
+    if is_rootless; then
+        user=$(id -u)
+	run_podman pod create --userns keep-id
+	pid=$output
+        run_podman run --rm --pod $pid $IMAGE id -u
+        is "${output}" "$user" "Container should run as the current user"
+    else
+	run_podman 125 pod create --userns keep-id
+        is "${output}" 'Error:.*keep-id is only supported in rootless mode' "pod should fail to be created since keep-id is not supported in rootful mode"
+    fi
+}