mirror of
https://github.com/containers/podman.git
synced 2025-07-03 01:08:02 +08:00
Merge pull request #17577 from giuseppe/idmapping-mounts-always-direct-mapping
libpod: always use direct mapping for idmapped mounts
@ -1525,7 +1525,7 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
|
||||
mountPoint := c.config.Rootfs
|
||||
|
||||
if c.config.RootfsMapping != nil {
|
||||
uidMappings, gidMappings, err := parseIDMapMountOption(c.config.IDMappings, *c.config.RootfsMapping, false)
|
||||
uidMappings, gidMappings, err := parseIDMapMountOption(c.config.IDMappings, *c.config.RootfsMapping)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
@ -94,7 +94,7 @@ func parseOptionIDs(ctrMappings []idtools.IDMap, option string) ([]idtools.IDMap
|
||||
return ret, nil
|
||||
}
|
||||
|
||||
func parseIDMapMountOption(idMappings stypes.IDMappingOptions, option string, invert bool) ([]spec.LinuxIDMapping, []spec.LinuxIDMapping, error) {
|
||||
func parseIDMapMountOption(idMappings stypes.IDMappingOptions, option string) ([]spec.LinuxIDMapping, []spec.LinuxIDMapping, error) {
|
||||
uidMap := idMappings.UIDMap
|
||||
gidMap := idMappings.GIDMap
|
||||
if strings.HasPrefix(option, "idmap=") {
|
||||
@ -121,33 +121,17 @@ func parseIDMapMountOption(idMappings stypes.IDMappingOptions, option string, in
|
||||
uidMappings := make([]spec.LinuxIDMapping, len(uidMap))
|
||||
gidMappings := make([]spec.LinuxIDMapping, len(gidMap))
|
||||
for i, uidmap := range uidMap {
|
||||
if invert {
|
||||
uidMappings[i] = spec.LinuxIDMapping{
|
||||
HostID: uint32(uidmap.ContainerID),
|
||||
ContainerID: uint32(uidmap.HostID),
|
||||
Size: uint32(uidmap.Size),
|
||||
}
|
||||
} else {
|
||||
uidMappings[i] = spec.LinuxIDMapping{
|
||||
HostID: uint32(uidmap.HostID),
|
||||
ContainerID: uint32(uidmap.ContainerID),
|
||||
Size: uint32(uidmap.Size),
|
||||
}
|
||||
uidMappings[i] = spec.LinuxIDMapping{
|
||||
HostID: uint32(uidmap.HostID),
|
||||
ContainerID: uint32(uidmap.ContainerID),
|
||||
Size: uint32(uidmap.Size),
|
||||
}
|
||||
}
|
||||
for i, gidmap := range gidMap {
|
||||
if invert {
|
||||
gidMappings[i] = spec.LinuxIDMapping{
|
||||
HostID: uint32(gidmap.ContainerID),
|
||||
ContainerID: uint32(gidmap.HostID),
|
||||
Size: uint32(gidmap.Size),
|
||||
}
|
||||
} else {
|
||||
gidMappings[i] = spec.LinuxIDMapping{
|
||||
HostID: uint32(gidmap.HostID),
|
||||
ContainerID: uint32(gidmap.ContainerID),
|
||||
Size: uint32(gidmap.Size),
|
||||
}
|
||||
gidMappings[i] = spec.LinuxIDMapping{
|
||||
HostID: uint32(gidmap.HostID),
|
||||
ContainerID: uint32(gidmap.ContainerID),
|
||||
Size: uint32(gidmap.Size),
|
||||
}
|
||||
}
|
||||
return uidMappings, gidMappings, nil
|
||||
@ -323,7 +307,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
|
||||
for _, o := range m.Options {
|
||||
if o == "idmap" || strings.HasPrefix(o, "idmap=") {
|
||||
var err error
|
||||
m.UIDMappings, m.GIDMappings, err = parseIDMapMountOption(c.config.IDMappings, o, true)
|
||||
m.UIDMappings, m.GIDMappings, err = parseIDMapMountOption(c.config.IDMappings, o)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
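Review bot: In generateSpec the mount's `m.UIDMappings`/`m.GIDMappings` are now handed to the OCI runtime without the host/container swap that the old `invert` argument performed, so the direction that gets applied depends entirely on the installed runtime, and nothing here documents or checks that. If the runtime still follows the previous convention, files on an `idmap` volume would presumably show up under different owners than the user-namespace configuration intends, which is an access-control concern rather than a cosmetic one. I would add a doc comment on parseIDMapMountOption stating the contract, e.g. `// parseIDMapMountOption returns the mappings in direct form: HostID and ContainerID are copied unchanged from the container ID map or the idmap= option.`, and state the runtime requirement in the commit description. The bodies of parseIDMapMountOption and generateSpec continue outside these hunks.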
@ -90,49 +90,49 @@ func TestParseIDMapMountOption(t *testing.T) {
|
||||
UIDMap: uidMap,
|
||||
GIDMap: gidMap,
|
||||
}
|
||||
uids, gids, err := parseIDMapMountOption(options, "idmap", true)
|
||||
uids, gids, err := parseIDMapMountOption(options, "idmap")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, len(uids), 1)
|
||||
assert.Equal(t, len(gids), 1)
|
||||
|
||||
assert.Equal(t, uids[0].ContainerID, uint32(1000))
|
||||
assert.Equal(t, uids[0].HostID, uint32(0))
|
||||
assert.Equal(t, uids[0].HostID, uint32(1000))
|
||||
assert.Equal(t, uids[0].ContainerID, uint32(0))
|
||||
assert.Equal(t, uids[0].Size, uint32(10000))
|
||||
|
||||
assert.Equal(t, gids[0].ContainerID, uint32(2000))
|
||||
assert.Equal(t, gids[0].HostID, uint32(0))
|
||||
assert.Equal(t, gids[0].HostID, uint32(2000))
|
||||
assert.Equal(t, gids[0].ContainerID, uint32(0))
|
||||
assert.Equal(t, gids[0].Size, uint32(10000))
|
||||
|
||||
uids, gids, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10", true)
|
||||
uids, gids, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, len(uids), 2)
|
||||
assert.Equal(t, len(gids), 1)
|
||||
|
||||
assert.Equal(t, uids[0].ContainerID, uint32(1))
|
||||
assert.Equal(t, uids[0].HostID, uint32(0))
|
||||
assert.Equal(t, uids[0].HostID, uint32(1))
|
||||
assert.Equal(t, uids[0].ContainerID, uint32(0))
|
||||
assert.Equal(t, uids[0].Size, uint32(10))
|
||||
|
||||
assert.Equal(t, uids[1].ContainerID, uint32(11))
|
||||
assert.Equal(t, uids[1].HostID, uint32(10))
|
||||
assert.Equal(t, uids[1].HostID, uint32(11))
|
||||
assert.Equal(t, uids[1].ContainerID, uint32(10))
|
||||
assert.Equal(t, uids[1].Size, uint32(10))
|
||||
|
||||
assert.Equal(t, gids[0].ContainerID, uint32(3))
|
||||
assert.Equal(t, gids[0].HostID, uint32(0))
|
||||
assert.Equal(t, gids[0].HostID, uint32(3))
|
||||
assert.Equal(t, gids[0].ContainerID, uint32(0))
|
||||
assert.Equal(t, gids[0].Size, uint32(10))
|
||||
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10;foobar=bar", true)
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10;foobar=bar")
|
||||
assert.NotNil(t, err)
|
||||
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10#0-12", true)
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10#0-12")
|
||||
assert.NotNil(t, err)
|
||||
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10#0-12--12", true)
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10#0-12--12")
|
||||
assert.NotNil(t, err)
|
||||
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10#-1-12-12", true)
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10#-1-12-12")
|
||||
assert.NotNil(t, err)
|
||||
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10#0--12-0", true)
|
||||
_, _, err = parseIDMapMountOption(options, "idmap=uids=0-1-10#10-11-10;gids=0-3-10#0--12-0")
|
||||
assert.NotNil(t, err)
|
||||
}
|
||||
|
||||
|
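Review bot: The updated assertions pass the observed value first and the expected value second, e.g. `assert.Equal(t, uids[0].HostID, uint32(1000))`, while testify's `assert.Equal` takes `(t, expected, actual)`. A failure would report the two values swapped, which is confusing in a test whose purpose is to pin which side is HostID and which is ContainerID. I would write `assert.Equal(t, uint32(1000), uids[0].HostID)` and likewise for the other HostID/ContainerID/Size checks, and use `assert.NoError(t, err)` in place of `assert.Nil(t, err)`. The start of TestParseIDMapMountOption is outside the hunk.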
@ -109,6 +109,8 @@ var _ = Describe("Podman UserNS support", func() {
|
||||
})
|
||||
|
||||
It("podman uidmapping and gidmapping with an idmapped volume", func() {
|
||||
Skip("it depends on a breaking change in crun: https://github.com/containers/crun/pull/1147")
|
||||
|
||||
session := podmanTest.Podman([]string{"run", "--uidmap=0:1:500", "--gidmap=0:200:5000", "-v", "my-foo-volume:/foo:Z,idmap", "alpine", "stat", "-c", "#%u:%g#", "/foo"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
if strings.Contains(session.ErrorToString(), "Operation not permitted") {
|
||||
|
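Review bot: The added `Skip(...)` is unconditional, so the e2e check shown here for file ownership on an idmapped volume no longer runs, and nothing marks when it should be turned back on. Because the direct mapping changes which IDs own files on the volume, I would make the skip conditional on the runtime in use if the suite has a way to query it, or at least put a comment above it such as `// TODO: remove this Skip once CI runs a crun that includes containers/crun#1147`. The body of the It block continues past the end of the hunk.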