mirror of
https://github.com/containers/podman.git
synced 2025-09-21 19:55:08 +08:00
podman: add uid and gid options to keep-id
add two new options to the keep-id user namespace option: - uid: allow to override the UID used inside the container. - gid: allow to override the GID used inside the container. For example, the following command will map the rootless user (that has UID=0 inside the rootless user namespace) to the UID=11 inside the container user namespace: $ podman run --userns=keep-id:uid=11 --rm -ti fedora cat /proc/self/uid_map 0 1 11 11 0 1 12 12 65525 Closes: https://github.com/containers/podman/issues/15294 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
@ -342,7 +342,7 @@ func ParseSignal(rawSignal string) (syscall.Signal, error) {
|
||||
}
|
||||
|
||||
// GetKeepIDMapping returns the mappings and the user to use when keep-id is used
|
||||
func GetKeepIDMapping() (*stypes.IDMappingOptions, int, int, error) {
|
||||
func GetKeepIDMapping(opts *namespaces.KeepIDUserNsOptions) (*stypes.IDMappingOptions, int, int, error) {
|
||||
if !rootless.IsRootless() {
|
||||
return nil, -1, -1, errors.New("keep-id is only supported in rootless mode")
|
||||
}
|
||||
@ -359,6 +359,12 @@ func GetKeepIDMapping() (*stypes.IDMappingOptions, int, int, error) {
|
||||
|
||||
uid := rootless.GetRootlessUID()
|
||||
gid := rootless.GetRootlessGID()
|
||||
if opts.UID != nil {
|
||||
uid = int(*opts.UID)
|
||||
}
|
||||
if opts.GID != nil {
|
||||
gid = int(*opts.GID)
|
||||
}
|
||||
|
||||
uids, gids, err := rootless.GetConfiguredMappings()
|
||||
if err != nil {
|
||||
|
Reference in New Issue
Block a user