Merge pull request #18601 from giuseppe/block-PODMAN_USERNS-and---pod

run: block PODMAN_USERNS and --pod

docs/source/markdown/options/userns.container.md

@@ -4,7 +4,7 @@
 ####> are applicable to all of those.
 #### **--userns**=*mode*
 
-Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with the **--uidmap** and **--gidmap** options.
+Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable unless `--pod` is specified. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with the **--uidmap** and **--gidmap** options.
 
 This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**.
 

pkg/specgenutil/specgen.go

@@ -220,9 +220,9 @@ func setNamespaces(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions)
 			return err
 		}
 	}
-	userns := os.Getenv("PODMAN_USERNS")
+	userns := c.UserNS
-	if c.UserNS != "" {
+	if userns == "" && c.Pod == "" {
-		userns = c.UserNS
+		userns = os.Getenv("PODMAN_USERNS")
 	}
 	// userns must be treated differently
 	if userns != "" {

test/e2e/run_userns_test.go

@@ -395,6 +395,11 @@ var _ = Describe("Podman UserNS support", func() {
 		inspect.WaitWithDefaultTimeout()
 		Expect(inspect.OutputToString()).To(Not(Equal("<nil>")))
 
+		// --pod should work.
+		result = podmanTest.Podman([]string{"create", "--pod=new:new-pod", ALPINE, "true"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(0))
+
 		if IsRemote() {
 			podmanTest.RestartRemoteService()
 		}