podman pod create --uidmap patch

podmans remote API does not marshal infra's spec due to the fact that if it did, all of those options would be available to the users on the command line. This means we need to manually map "backwards" some container spec items -> pod spec items before calling PodCreate, this was one of them that was forgotten resolves containers#14233 Signed-off-by: cdoern <[email protected]> Signed-off-by: cdoern <[email protected]>
cdoern · Jun 1, 2022 · f728b7b · f728b7b
1 parent d069ad1
commit f728b7b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
@@ -4,6 +4,7 @@ import (
 	"net"
 
 	"github.com/containers/common/libnetwork/types"
+	storageTypes "github.com/containers/storage/types"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -222,6 +223,10 @@ type PodResourceConfig struct {
 
 type PodSecurityConfig struct {
 	SecurityOpt []string `json:"security_opt,omitempty"`
+	// IDMappings are UID and GID mappings that will be used by user
+	// namespaces.
+	// Required if UserNS is private.
+	IDMappings *storageTypes.IDMappingOptions `json:"idmappings,omitempty"`
 }
 
 // NewPodSpecGenerator creates a new pod spec

diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats
@@ -38,10 +38,12 @@ function _require_crun() {
 
 @test "rootful pod with custom ID mapping" {
     skip_if_rootless "does not work rootless - rootful feature"
-    skip_if_remote "remote --uidmap is broken (see #14233)"
     random_pod_name=$(random_string 30)
     run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name
     run_podman pod start $random_pod_name
+    run_podman pod inspect --format '{{.InfraContainerID}}' $random_pod_name
+    run podman inspect --format '{{.HostConfig.IDMappings.UIDMap}}' $output
+    is "$output" ".*0:200000:5000" "UID Map Successful"
 
     # Remove the pod and the pause image
     run_podman pod rm $random_pod_name