Setup HOME environment when using --userns=keep-id

Currently the HOME environment is set to /root if the user does not override it. Also walk the parent directories of users homedir to see if it is volume mounted into the container, if yes, then set it correctly. Signed-off-by: Daniel J Walsh <[email protected]>
containers · Oct 14, 2020 · 6ca8067 · 6ca8067
1 parent d1ba9ce
commit 6ca8067
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 3 deletions.
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
@@ -1717,11 +1717,35 @@ func (c *Container) generateCurrentUserPasswdEntry() (string, int, int, error) {
 	// If the user's actual home directory exists, or was mounted in - use
 	// that.
 	homeDir := c.WorkingDir()
-	if MountExists(c.config.Spec.Mounts, u.HomeDir) {
-		homeDir = u.HomeDir
+	hDir := u.HomeDir
+	for hDir != "/" {
+		if MountExists(c.config.Spec.Mounts, hDir) {
+			homeDir = u.HomeDir
+			break
+		}
+		hDir = filepath.Dir(hDir)
+	}
+	if homeDir != u.HomeDir {
+		for _, hDir := range c.UserVolumes() {
+			if hDir == u.HomeDir {
+				homeDir = u.HomeDir
+				break
+			}
+		}
+	}
+	// Set HOME environment if not already set
+	hasHomeSet := false
+	for _, s := range c.config.Spec.Process.Env {
+		if strings.HasPrefix(s, "HOME=") {
+			hasHomeSet = true
+			break
+		}
+	}
+	if !hasHomeSet {
+		c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir))
 	}
 
-	return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Username, homeDir), uid, rootless.GetRootlessGID(), nil
+	return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Name, homeDir), uid, rootless.GetRootlessGID(), nil
 }
 
 // generateUserPasswdEntry generates an /etc/passwd entry for the container user

diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go
@@ -365,4 +365,16 @@ var _ = Describe("Toolbox-specific testing", func() {
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(session.OutputToString()).To(ContainSubstring("READY"))
 	})
+
+	It("podman run --userns=keep-id check $HOME", func() {
+		var session *PodmanSessionIntegration
+
+		currentUser, err := user.Current()
+		Expect(err).To(BeNil())
+		session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
+	})
+
 })