From 6ca80679561285859a00c1b6bf1fae2d071d7cc3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 13 Oct 2020 17:43:26 -0400 Subject: [PATCH] Setup HOME environment when using --userns=keep-id Currently the HOME environment is set to /root if the user does not override it. Also walk the parent directories of users homedir to see if it is volume mounted into the container, if yes, then set it correctly. Signed-off-by: Daniel J Walsh --- libpod/container_internal_linux.go | 30 +++++++++++++++++++++++++++--- test/e2e/toolbox_test.go | 12 ++++++++++++ 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 3a71c6601c..1056238107 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -1717,11 +1717,35 @@ func (c *Container) generateCurrentUserPasswdEntry() (string, int, int, error) { // If the user's actual home directory exists, or was mounted in - use // that. homeDir := c.WorkingDir() - if MountExists(c.config.Spec.Mounts, u.HomeDir) { - homeDir = u.HomeDir + hDir := u.HomeDir + for hDir != "/" { + if MountExists(c.config.Spec.Mounts, hDir) { + homeDir = u.HomeDir + break + } + hDir = filepath.Dir(hDir) + } + if homeDir != u.HomeDir { + for _, hDir := range c.UserVolumes() { + if hDir == u.HomeDir { + homeDir = u.HomeDir + break + } + } + } + // Set HOME environment if not already set + hasHomeSet := false + for _, s := range c.config.Spec.Process.Env { + if strings.HasPrefix(s, "HOME=") { + hasHomeSet = true + break + } + } + if !hasHomeSet { + c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir)) } - return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Username, homeDir), uid, rootless.GetRootlessGID(), nil + return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Name, homeDir), uid, rootless.GetRootlessGID(), nil } // generateUserPasswdEntry generates an /etc/passwd entry for the container user diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go index 6122cee19c..4f4113bd45 100644 --- a/test/e2e/toolbox_test.go +++ b/test/e2e/toolbox_test.go @@ -365,4 +365,16 @@ var _ = Describe("Toolbox-specific testing", func() { Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("READY")) }) + + It("podman run --userns=keep-id check $HOME", func() { + var session *PodmanSessionIntegration + + currentUser, err := user.Current() + Expect(err).To(BeNil()) + session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir)) + }) + })