opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-03 20:33:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

pods: do not to join a userns if there is not any

Browse Source 
do not attempt to join the user namespace if the pod is running in the
host user namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2019-07-25 14:55:05 +02:00
parent 7c9095ea1d
commit ba5741e398
2 changed files with 32 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/adapter/pods.go
View File

@ -492,14 +492,28 @@ func (r *LocalRuntime) PlayKubeYAML(ctx context.Context, c *cliconfig.KubePlayVa
if err != nil {
return nil, err
}
hasUserns := false
if podInfraID != "" {
podCtr, err := r.GetContainer(podInfraID)
if err != nil {
return nil, err
}
mappings, err := podCtr.IDMappings()
if err != nil {
return nil, err
}
hasUserns = len(mappings.UIDMap) > 0
}
namespaces := map[string]string{
// Disabled during code review per mheon
//"pid": fmt.Sprintf("container:%s", podInfraID),
"net": fmt.Sprintf("container:%s", podInfraID),
"user": fmt.Sprintf("container:%s", podInfraID),
"ipc": fmt.Sprintf("container:%s", podInfraID),
"uts": fmt.Sprintf("container:%s", podInfraID),
"net": fmt.Sprintf("container:%s", podInfraID),
"ipc": fmt.Sprintf("container:%s", podInfraID),
"uts": fmt.Sprintf("container:%s", podInfraID),
}
if hasUserns {
namespaces["user"] = fmt.Sprintf("container:%s", podInfraID)
}
if !c.Quiet {
writer = os.Stderr