specgenutil: record the pod userns in the annotations

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

pkg/specgenutil/specgen.go

@@ -516,6 +516,10 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 	if len(s.Annotations) == 0 {
 		s.Annotations = annotations
 	}
+	// Add the user namespace configuration to the annotations
+	if c.UserNS != "" {
+		s.Annotations[define.UserNsAnnotation] = c.UserNS
+	}
 
 	if len(c.StorageOpts) > 0 {
 		opts := make(map[string]string, len(c.StorageOpts))

pkg/specgenutil/specgenutil_test.go

@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"github.com/containers/common/pkg/machine"
+	"github.com/containers/podman/v5/libpod/define"
 	"github.com/containers/podman/v5/pkg/domain/entities"
 	"github.com/containers/podman/v5/pkg/specgen"
 	"github.com/stretchr/testify/assert"
@@ -216,3 +217,16 @@ func TestGenRlimits(t *testing.T) {
 	_, err = GenRlimits([]string{"nofile=bar:buzz"})
 	assert.Error(t, err, "err is not nil")
 }
+
+func TestFillOutSpecGenRecorsUserNs(t *testing.T) {
+	sg := specgen.NewSpecGenerator("nothing", false)
+	err := FillOutSpecGen(sg, &entities.ContainerCreateOptions{
+		ImageVolume: "ignore",
+		UserNS:      "keep-id",
+	}, []string{})
+	assert.NoError(t, err)
+
+	v, ok := sg.Annotations[define.UserNsAnnotation]
+	assert.True(t, ok, "UserNsAnnotation is set")
+	assert.Equal(t, "keep-id", v, "UserNsAnnotation is keep-id")
+}