opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

podman: assume user namespace if there are mappings

Browse Source 
if some mappings are specified, assume there is a private user
namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2020-04-24 15:37:31 +02:00
parent 64d8b4eebb
commit 88f1994ab9
3 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/podman/common/specgen.go
View File

@ -209,10 +209,15 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
} }
} }
s.IDMappings, err = util.ParseIDMapping(ns.UsernsMode(c.UserNS), c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName) userNS := ns.UsernsMode(c.UserNS)
s.IDMappings, err = util.ParseIDMapping(userNS, c.UIDMap, c.GIDMap, c.SubUIDName, c.SubGIDName)
if err != nil { if err != nil {
return err return err
} }
// If some mappings are specified, assume a private user namespace
if userNS.IsDefaultValue() && (!s.IDMappings.HostUIDMapping || !s.IDMappings.HostGIDMapping) {
s.UserNS.NSMode = specgen.Private
}
s.Terminal = c.TTY s.Terminal = c.TTY
ep, err := ExposedPorts(c.Expose, c.Net.PublishPorts, c.PublishAll, nil) ep, err := ExposedPorts(c.Expose, c.Net.PublishPorts, c.PublishAll, nil)

7
pkg/namespaces/namespaces.go
View File

@ -31,7 +31,7 @@ func (n CgroupMode) IsHost() bool {
// IsDefaultValue indicates whether the cgroup namespace has the default value. // IsDefaultValue indicates whether the cgroup namespace has the default value.
func (n CgroupMode) IsDefaultValue() bool { func (n CgroupMode) IsDefaultValue() bool {
return n == "" return n == "" || n == defaultType
} }
// IsNS indicates a cgroup namespace passed in by path (ns:<path>) // IsNS indicates a cgroup namespace passed in by path (ns:<path>)
@ -102,6 +102,11 @@ func (n UsernsMode) IsAuto() bool {
return parts[0] == "auto" return parts[0] == "auto"
} }
// IsDefaultValue indicates whether the user namespace has the default value.
func (n UsernsMode) IsDefaultValue() bool {
return n == "" || n == defaultType
}
// GetAutoOptions returns a AutoUserNsOptions with the settings to setup automatically // GetAutoOptions returns a AutoUserNsOptions with the settings to setup automatically
// a user namespace. // a user namespace.
func (n UsernsMode) GetAutoOptions() (*storage.AutoUserNsOptions, error) { func (n UsernsMode) GetAutoOptions() (*storage.AutoUserNsOptions, error) {

1
test/e2e/run_userns_test.go
View File

@ -218,7 +218,6 @@ var _ = Describe("Podman UserNS support", func() {
}) })
It("podman --userns=container:CTR", func() { It("podman --userns=container:CTR", func() {
Skip(v2fail)
ctrName := "userns-ctr" ctrName := "userns-ctr"
session := podmanTest.Podman([]string{"run", "-d", "--uidmap=0:0:1", "--uidmap=1:1:4998", "--name", ctrName, "alpine", "top"}) session := podmanTest.Podman([]string{"run", "-d", "--uidmap=0:0:1", "--uidmap=1:1:4998", "--name", ctrName, "alpine", "top"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()