mirror of
https://github.com/containers/podman.git
synced 2025-07-15 03:02:52 +08:00

The combination --pod and --userns is already blocked. Ignore the PODMAN_USERNS variable when a pod is used, since it would cause a new user namespace to be created for the container.

Ideally a container should be able to do that, but its user namespace must be a child of the pod user namespace, not a sibling. Since nested user namespaces are not allowed in the OCI runtime specs, disallow this case, since the end result is just confusing for the user.

Closes: https://github.com/containers/podman/issues/18580

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>