Skip to content

Commit

Permalink
Merge pull request #7578 from giuseppe/join-userns-reuse-mappings
Browse files Browse the repository at this point in the history 
libpod: read mappings when joining a container userns
  • Loading branch information
@openshift-merge-robot
openshift-merge-robot authored Sep 10, 2020
2 parents 89a3483 + 686f6ec commit 41bd5e2
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 0 deletions.
2 changes: 2 additions & 0 deletions libpod/container_internal.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -380,6 +380,8 @@ func (c *Container) setupStorageMapping(dest, from *storage.IDMappingOptions) {
}
dest.GIDMap = append(dest.GIDMap, g)
}
dest.HostUIDMapping = false
dest.HostGIDMapping = false
}
}

Expand Down
12 changes: 12 additions & 0 deletions libpod/options.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import (
"github.com/containers/storage"
"github.com/containers/storage/pkg/idtools"
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
Expand Down Expand Up @@ -897,6 +898,17 @@ func WithUserNSFrom(nsCtr *Container) CtrCreateOption {
ctr.config.UserNsCtr = nsCtr.ID()
ctr.config.IDMappings = nsCtr.config.IDMappings

g := generate.NewFromSpec(ctr.config.Spec)

g.ClearLinuxUIDMappings()
for _, uidmap := range nsCtr.config.IDMappings.UIDMap {
g.AddLinuxUIDMapping(uint32(uidmap.HostID), uint32(uidmap.ContainerID), uint32(uidmap.Size))
}
g.ClearLinuxGIDMappings()
for _, gidmap := range nsCtr.config.IDMappings.GIDMap {
g.AddLinuxGIDMapping(uint32(gidmap.HostID), uint32(gidmap.ContainerID), uint32(gidmap.Size))
}
ctr.config.IDMappings = nsCtr.config.IDMappings
return nil
}
}
Expand Down
7 changes: 7 additions & 0 deletions test/e2e/run_userns_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,13 @@ var _ = Describe("Podman UserNS support", func() {

ok, _ := session.GrepString("4998")
Expect(ok).To(BeTrue())

session = podmanTest.Podman([]string{"run", "--rm", "--userns=container:" + ctrName, "--net=container:" + ctrName, "alpine", "cat", "/proc/self/uid_map"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))

ok, _ = session.GrepString("4998")
Expect(ok).To(BeTrue())
})

It("podman --user with volume", func() {
Expand Down

0 comments on commit 41bd5e2

Please sign in to comment.