podman: honor env variable PODMAN_USERNS

Signed-off-by: Giuseppe Scrivano <[email protected]>
containers · May 24, 2019 · 5eb321a · 5eb321a
1 parent f09370c
commit 5eb321a
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/cmd/podman/common.go b/cmd/podman/common.go
@@ -517,7 +517,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
 		"Username or UID (format: <name|uid>[:<group|gid>])",
 	)
 	createFlags.String(
-		"userns", "",
+		"userns", os.Getenv("PODMAN_USERNS"),
 		"User namespace to use",
 	)
 	createFlags.String(

diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
@@ -730,7 +730,7 @@ Without this argument the command will be run as root in the container.
 **--userns**=keep-id
 **--userns**=ns:my_namespace
 
-Set the user namespace mode for the container. The use of userns is disabled by default.
+Set the user namespace mode for the container.  It defaults to the **PODMAN_USERNS** environment variable.  An empty value means user namespaces are disabled.
 
 - `host`: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user.
 - `keep-id`: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.

diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
@@ -766,7 +766,7 @@ Without this argument the command will be run as root in the container.
 **--userns**=keep-id
 **--userns**=ns:my_namespace
 
-Set the user namespace mode for the container. The use of userns is disabled by default.
+Set the user namespace mode for the container.  It defaults to the **PODMAN_USERNS** environment variable.  An empty value means user namespaces are disabled.
 
 - `host`: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user.
 - `keep-id`: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.