opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-23 02:18:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

remote: fix implementation of build with --userns=auto for API

Browse Source 
`podman-remote` and Libpod API does not supports build with
`--userns=auto` since `IDMappingOptions` were not implemented for API
and bindings, following PR implements passing `IDMappingOptions` via
bindings to API.

Closes: https://github.com/containers/podman/issues/15476

Signed-off-by: Aditya R <arajan@redhat.com>
This commit is contained in:
Aditya R
2022-08-25 12:10:53 +05:30
parent b1247b62bd
commit e00272cd99
4 changed files with 49 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/api/handlers/compat/images_build.go
View File

@ -101,6 +101,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
ForceRm bool `schema:"forcerm"` ForceRm bool `schema:"forcerm"`
From string `schema:"from"` From string `schema:"from"`
HTTPProxy bool `schema:"httpproxy"` HTTPProxy bool `schema:"httpproxy"`
IDMappingOptions string `schema:"idmappingoptions"`
IdentityLabel bool `schema:"identitylabel"` IdentityLabel bool `schema:"identitylabel"`
Ignore bool `schema:"ignore"` Ignore bool `schema:"ignore"`
Isolation string `schema:"isolation"` Isolation string `schema:"isolation"`
@ -389,6 +390,14 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
} }
} }
var idMappingOptions buildahDefine.IDMappingOptions
if _, found := r.URL.Query()["idmappingoptions"]; found {
if err := json.Unmarshal([]byte(query.IDMappingOptions), &idMappingOptions); err != nil {
utils.BadRequest(w, "idmappingoptions", query.IDMappingOptions, err)
return
}
}
var cacheFrom reference.Named var cacheFrom reference.Named
if _, found := r.URL.Query()["cachefrom"]; found { if _, found := r.URL.Query()["cachefrom"]; found {
cacheFrom, err = parse.RepoNameToNamedReference(query.CacheFrom) cacheFrom, err = parse.RepoNameToNamedReference(query.CacheFrom)
@ -644,6 +653,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Excludes: excludes, Excludes: excludes,
ForceRmIntermediateCtrs: query.ForceRm, ForceRmIntermediateCtrs: query.ForceRm,
From: fromImage, From: fromImage,
IDMappingOptions: &idMappingOptions,
IgnoreUnrecognizedInstructions: query.Ignore, IgnoreUnrecognizedInstructions: query.Ignore,
Isolation: isolation, Isolation: isolation,
Jobs: &jobs, Jobs: &jobs,

7
pkg/bindings/images/build.go
View File

@ -88,6 +88,13 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
} }
params.Set("additionalbuildcontexts", string(additionalBuildContextMap)) params.Set("additionalbuildcontexts", string(additionalBuildContextMap))
} }
if options.IDMappingOptions != nil {
idmappingsOptions, err := jsoniter.Marshal(options.IDMappingOptions)
if err != nil {
return nil, err
}
params.Set("idmappingoptions", string(idmappingsOptions))
}
if buildArgs := options.Args; len(buildArgs) > 0 { if buildArgs := options.Args; len(buildArgs) > 0 {
bArgs, err := jsoniter.MarshalToString(buildArgs) bArgs, err := jsoniter.MarshalToString(buildArgs)
if err != nil { if err != nil {

2
test/e2e/build/Containerfile.userns-auto Normal file
View File

@ -0,0 +1,2 @@
FROM alpine
RUN cat /proc/self/uid_map

30
test/e2e/run_userns_test.go
View File

@ -8,6 +8,7 @@ import (
"strings" "strings"
. "github.com/containers/podman/v4/test/utils" . "github.com/containers/podman/v4/test/utils"
"github.com/containers/storage"
. "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
. "github.com/onsi/gomega/gexec" . "github.com/onsi/gomega/gexec"
@ -42,6 +43,33 @@ var _ = Describe("Podman UserNS support", func() {
}) })
// Note: Lot of tests for build with --userns=auto are already there in buildah
// but they are skipped in podman CI because bud tests are executed in rootfull
// environment ( where mappings for the `containers` user is not present in /etc/subuid )
// causing them to skip hence this is a redundant test for sanity to make sure
// we don't break this feature for podman-remote.
It("podman build with --userns=auto", func() {
u, err := user.Current()
Expect(err).To(BeNil())
name := u.Name
if name == "root" {
name = "containers"
}
content, err := ioutil.ReadFile("/etc/subuid")
if err != nil {
Skip("cannot read /etc/subuid")
}
if !strings.Contains(string(content), name) {
Skip("cannot find mappings for the current user")
}
session := podmanTest.Podman([]string{"build", "-f", "build/Containerfile.userns-auto", "-t", "test", "--userns=auto"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
// `1024` is the default size or length of the range of user IDs
// that is mapped between the two user namespaces by --userns=auto.
Expect(session.OutputToString()).To(ContainSubstring(fmt.Sprintf("%d", storage.AutoUserNsMinSize)))
})
It("podman uidmapping and gidmapping", func() { It("podman uidmapping and gidmapping", func() {
session := podmanTest.Podman([]string{"run", "--uidmap=0:100:5000", "--gidmap=0:200:5000", "alpine", "echo", "hello"}) session := podmanTest.Podman([]string{"run", "--uidmap=0:100:5000", "--gidmap=0:200:5000", "alpine", "echo", "hello"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
@ -157,6 +185,8 @@ var _ = Describe("Podman UserNS support", func() {
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0)) Expect(session).Should(Exit(0))
l := session.OutputToString() l := session.OutputToString()
// `1024` is the default size or length of the range of user IDs
// that is mapped between the two user namespaces by --userns=auto.
Expect(l).To(ContainSubstring("1024")) Expect(l).To(ContainSubstring("1024"))
m[l] = l m[l] = l
} }