From da04469f0685940d2ea555f5073c1bde381233d4 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Thu, 2 Mar 2023 22:14:16 +0100
Subject: [PATCH] cmd: clarify meaning of ParentNSRequired

there are no commands that are not supported by rootless mode, but some commands require to run in the user namespace.

Signed-off-by: Giuseppe Scrivano
---
 cmd/podman/main.go | 7 -------
 cmd/podman/registry/config.go | 2 +-
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index a820967f93..14b30d47a3 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -81,13 +81,6 @@ func parseCommands() *cobra.Command {
 return fmt.Errorf("cannot run command %q in rootless mode, must execute `podman unshare` first", cmd.CommandPath())
 }
 }
- } else {
- _, found = c.Command.Annotations[registry.ParentNSRequired]
- if rootless.IsRootless() && found && c.Command.Name() != "scp" {
- c.Command.RunE = func(cmd *cobra.Command, args []string) error {
- return fmt.Errorf("cannot run command %q in rootless mode", cmd.CommandPath())
- }
- }
 }
 addCommand(c)
 }
diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go
index 3e5920c098..21988b421e 100644
--- a/cmd/podman/registry/config.go
+++ b/cmd/podman/registry/config.go
@@ -17,7 +17,7 @@ const (
 // NoMoveProcess used as cobra.Annotation when command doesn't need Podman to be moved to a separate cgroup
 NoMoveProcess = "NoMoveProcess"
- // ParentNSRequired used as cobra.Annotation when command requires root access
+ // ParentNSRequired used as cobra.Annotation when a command should not be run in the podman rootless user namespace, also requires updates in `pkg/rootless/rootless_linux.c` in function `can_use_shortcut()` to exclude the command name there.
 ParentNSRequired = "ParentNSRequired"
 // UnshareNSRequired used as cobra.Annotation when command requires modified user namespace
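Review bot: The new comment on `ParentNSRequired` in cmd/podman/registry/config.go documents a manual coupling (annotate the command in Go and also exclude its name in `can_use_shortcut()` in `pkg/rootless/rootless_linux.c`), but nothing in this patch enforces it. The main.go hunk also removes the only use of `registry.ParentNSRequired` visible in `parseCommands()`. If a command carries the annotation but its name is missing from the C-side list, it would presumably be joined to the rootless user namespace with no error, which is the condition the annotation is meant to rule out. Consider a test that walks the registered commands carrying this annotation and fails when one is not covered by the C-side exclusion. The run-on comment would also read better as two sentences: `// ParentNSRequired is used as a cobra.Annotation when a command must not run in the podman rootless user namespace.` followed by `// Adding it also requires excluding the command name in can_use_shortcut() in pkg/rootless/rootless_linux.c.`; the `const (` block starts and ends outside the hunk.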