mirror of
https://github.com/containers/podman.git
synced 2025-08-06 19:44:14 +08:00
Add support for podman build --group-add
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
@ -573,6 +573,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
|
||||
Err: stderr,
|
||||
ForceRmIntermediateCtrs: flags.ForceRm,
|
||||
From: flags.From,
|
||||
GroupAdd: flags.GroupAdd,
|
||||
IDMappingOptions: idmappingOptions,
|
||||
In: stdin,
|
||||
Isolation: isolation,
|
||||
|
@ -287,6 +287,20 @@ expected. For example, oci-archive:/x.tar will reference /x.tar on the remote
|
||||
machine instead of on the client. When using podman remote clients it is
|
||||
best to restrict use to *containers-storage*, and *docker:// transports*.
|
||||
|
||||
#### **--group-add**=*group* | *keep-groups*
|
||||
|
||||
Assign additional groups to the primary user running within the container
|
||||
process.
|
||||
|
||||
- `keep-groups` is a special value that tells Buildah to keep the supplementary
|
||||
group access.
|
||||
|
||||
Allows container to use the user's supplementary group access. If file systems
|
||||
or devices are only accessible by the rootless user's group, this flag tells the
|
||||
OCI runtime to pass the group access into the container. Currently only
|
||||
available with the `crun` OCI runtime. Note: `keep-groups` is exclusive, other
|
||||
groups cannot be specified with this flag.
|
||||
|
||||
#### **--help**, **-h**
|
||||
|
||||
Print usage statement
|
||||
|
@ -10,4 +10,4 @@ serve: ${SWAGGER_OUT}
|
||||
${SWAGGER_OUT}:
|
||||
# generate doesn't remove file on error
|
||||
rm -f ${SWAGGER_OUT}
|
||||
swagger generate spec -o ${SWAGGER_OUT} -i tags.yaml -w ./ -m
|
||||
swagger generate spec -x github.com/sigstore/rekor -o ${SWAGGER_OUT} -i tags.yaml -w ./ -m
|
||||
|
@ -99,6 +99,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
|
||||
Excludes string `schema:"excludes"`
|
||||
ForceRm bool `schema:"forcerm"`
|
||||
From string `schema:"from"`
|
||||
GroupAdd []string `schema:"groupadd"`
|
||||
HTTPProxy bool `schema:"httpproxy"`
|
||||
IDMappingOptions string `schema:"idmappingoptions"`
|
||||
IdentityLabel bool `schema:"identitylabel"`
|
||||
@ -665,6 +666,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
|
||||
Err: auxout,
|
||||
Excludes: excludes,
|
||||
ForceRmIntermediateCtrs: query.ForceRm,
|
||||
GroupAdd: query.GroupAdd,
|
||||
From: fromImage,
|
||||
IDMappingOptions: &idMappingOptions,
|
||||
IgnoreUnrecognizedInstructions: query.Ignore,
|
||||
|
@ -309,6 +309,10 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
|
||||
params.Add("volume", volume)
|
||||
}
|
||||
|
||||
for _, group := range options.GroupAdd {
|
||||
params.Add("groupadd", group)
|
||||
}
|
||||
|
||||
var err error
|
||||
var contextDir string
|
||||
if contextDir, err = filepath.EvalSymlinks(options.ContextDirectory); err == nil {
|
||||
|
Reference in New Issue
Block a user