From 3e6637a3b00dbf1fa6984d625922780c397521cf Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Fri, 21 Oct 2022 16:12:01 +0200
Subject: [PATCH] volumes: Fix idmap not working for volumes

idmap is documented as supported for volumes, but it was not added to
the getNamedVolume() function.

Fixes: e83d36665 ("volumes: add new option idmap")
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
---
 pkg/specgenutil/volumes.go  |  6 ++++++
 test/e2e/run_userns_test.go | 10 ++++++++++
 2 files changed, 16 insertions(+)

diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go
index fe2216d80e..503d82177a 100644
--- a/pkg/specgenutil/volumes.go
+++ b/pkg/specgenutil/volumes.go
@@ -584,6 +584,12 @@ func getNamedVolume(args []string) (*specgen.NamedVolume, error) {
 			}
 			newVolume.Dest = unixPathClean(kv[1])
 			setDest = true
+		case "idmap":
+			if len(kv) > 1 {
+				newVolume.Options = append(newVolume.Options, fmt.Sprintf("idmap=%s", kv[1]))
+			} else {
+				newVolume.Options = append(newVolume.Options, "idmap")
+			}
 		case "U", "chown":
 			if setOwnership {
 				return newVolume, fmt.Errorf("cannot pass 'U' or 'chown' option more than once: %w", errOptionArg)
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index c485f15222..07f00351bd 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
@@ -94,6 +94,16 @@ var _ = Describe("Podman UserNS support", func() {
 		Expect(session.OutputToString()).To(ContainSubstring("hello"))
 	})
 
+	It("podman uidmapping and gidmapping with a idmapped volume", func() {
+		session := podmanTest.Podman([]string{"run", "--uidmap=0:1:500", "--gidmap=0:200:5000", "-v", "my-foo-volume:/foo:Z,idmap", "alpine", "echo", "hello"})
+		session.WaitWithDefaultTimeout()
+		if strings.Contains(session.ErrorToString(), "Operation not permitted") {
+			Skip("not sufficiently privileged")
+		}
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("hello"))
+	})
+
 	It("podman uidmapping and gidmapping --net=host", func() {
 		session := podmanTest.Podman([]string{"run", "--net=host", "--uidmap=0:1:5000", "--gidmap=0:200:5000", "alpine", "echo", "hello"})
 		session.WaitWithDefaultTimeout()