From 1260bf631f523e0708c458596337623977c6ac51 Mon Sep 17 00:00:00 2001 From: Ashley Cui Date: Mon, 25 Apr 2022 09:12:45 -0400 Subject: [PATCH 1/2] Revert "Switch all rootful to rootfull" This reverts commit cc3790f332d989440eb1720e24e3619fc97c74ee. We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui --- cmd/podman/machine/init.go | 15 ++----------- cmd/podman/machine/set.go | 7 +++--- contrib/cirrus/logformatter | 2 +- contrib/podmanimage/README.md | 2 +- contrib/remote/containers.conf | 2 +- docs/source/markdown/podman-build.1.md | 2 +- docs/source/markdown/podman-image-scp.1.md | 2 +- docs/source/markdown/podman-machine-init.1.md | 6 ++--- docs/source/markdown/podman-machine-set.1.md | 20 ++++++++--------- libpod/networking_slirp4netns.go | 2 +- pkg/bindings/README.md | 8 +++---- pkg/domain/infra/abi/images.go | 6 ++--- pkg/machine/config.go | 4 ++-- pkg/machine/qemu/config.go | 8 +++---- pkg/machine/qemu/machine.go | 20 ++++++++--------- pkg/machine/wsl/machine.go | 22 +++++++++---------- rootless.md | 2 +- test/e2e/exec_test.go | 2 +- test/e2e/mount_rootless_test.go | 2 +- test/e2e/network_test.go | 2 +- test/system/270-socket-activation.bats | 2 +- test/system/helpers.bash | 2 +- 22 files changed, 64 insertions(+), 76 deletions(-) diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go index 06c1f7248f..2d0afbf053 100644 --- a/cmd/podman/machine/init.go +++ b/cmd/podman/machine/init.go @@ -12,7 +12,6 @@ import ( "github.com/containers/podman/v4/pkg/machine" "github.com/pkg/errors" "github.com/spf13/cobra" - "github.com/spf13/pflag" ) var ( @@ -107,18 +106,8 @@ func init() { flags.StringVar(&initOpts.IgnitionPath, IgnitionPathFlagName, "", "Path to ignition file") _ = initCmd.RegisterFlagCompletionFunc(IgnitionPathFlagName, completion.AutocompleteDefault) - rootfullFlagName := "rootfull" - flags.BoolVar(&initOpts.Rootfull, rootfullFlagName, false, "Whether this machine should prefer rootfull container execution") - flags.SetNormalizeFunc(aliasFlags) -} - -// aliasFlags is a function to handle backwards compatibility with old flags -func aliasFlags(f *pflag.FlagSet, name string) pflag.NormalizedName { - switch name { - case "rootful": - name = "rootfull" - } - return pflag.NormalizedName(name) + rootfulFlagName := "rootful" + flags.BoolVar(&initOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container execution") } // TODO should we allow for a users to append to the qemu cmdline? diff --git a/cmd/podman/machine/set.go b/cmd/podman/machine/set.go index b1dfb51daf..4c15f1de19 100644 --- a/cmd/podman/machine/set.go +++ b/cmd/podman/machine/set.go @@ -17,7 +17,7 @@ var ( Long: "Sets an updatable virtual machine setting", RunE: setMachine, Args: cobra.MaximumNArgs(1), - Example: `podman machine set --rootfull=false`, + Example: `podman machine set --rootful=false`, ValidArgsFunction: completion.AutocompleteNone, } ) @@ -33,9 +33,8 @@ func init() { }) flags := setCmd.Flags() - rootfullFlagName := "rootfull" - flags.BoolVar(&setOpts.Rootfull, rootfullFlagName, false, "Whether this machine should prefer rootfull container execution") - flags.SetNormalizeFunc(aliasFlags) + rootfulFlagName := "rootful" + flags.BoolVar(&setOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container execution") } func setMachine(cmd *cobra.Command, args []string) error { diff --git a/contrib/cirrus/logformatter b/contrib/cirrus/logformatter index 05f05dc0b4..e45f03df9f 100755 --- a/contrib/cirrus/logformatter +++ b/contrib/cirrus/logformatter @@ -207,7 +207,7 @@ END_HTML print { $out_fh } "
 \n";
 
-    # Assume rootfull prompt, check for rootless (here and in log itself, below)
+    # Assume rootful prompt, check for rootless (here and in log itself, below)
     my $Prompt = '#';
     $Prompt = '$' if $test_name =~ /rootless/;
 
diff --git a/contrib/podmanimage/README.md b/contrib/podmanimage/README.md
index 58c14be726..4f184ca285 100644
--- a/contrib/podmanimage/README.md
+++ b/contrib/podmanimage/README.md
@@ -70,4 +70,4 @@ file to `/etc/modules.load.d`.  See `man modules-load.d` for more details.
 
 ### Blog Post with Details
 
-Dan Walsh wrote a blog post on the [Enable Sysadmin](https://www.redhat.com/sysadmin/) site titled [How to use Podman inside of a container](https://www.redhat.com/sysadmin/podman-inside-container).  In it, he details how to use these images as a rootfull and as a rootless user.  Please refer to this blog for more detailed information.
+Dan Walsh wrote a blog post on the [Enable Sysadmin](https://www.redhat.com/sysadmin/) site titled [How to use Podman inside of a container](https://www.redhat.com/sysadmin/podman-inside-container).  In it, he details how to use these images as a rootful and as a rootless user.  Please refer to this blog for more detailed information.
diff --git a/contrib/remote/containers.conf b/contrib/remote/containers.conf
index 45f58171a1..9b0b62c426 100644
--- a/contrib/remote/containers.conf
+++ b/contrib/remote/containers.conf
@@ -7,5 +7,5 @@
 # Default Remote URI to access the Podman service.
 # Examples:
 #  remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
-#  remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock
+#  remote rootful ssh://root@10.10.1.136:22/run/podman/podman.sock
 # remote_uri= ""
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index 406dfcd892..86801c72f3 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -429,7 +429,7 @@ container full access to local system services such as D-bus and is therefore
 considered insecure.
 - **ns:**_path_: path to a network namespace to join.
 - **private**: create a new namespace for the container (default)
-- **\**: Join the network with the given name or ID, e.g. use `--network mynet` to join the network with the name mynet. Only supported for rootfull users.
+- **\**: Join the network with the given name or ID, e.g. use `--network mynet` to join the network with the name mynet. Only supported for rootful users.
 
 #### **--no-cache**
 
diff --git a/docs/source/markdown/podman-image-scp.1.md b/docs/source/markdown/podman-image-scp.1.md
index 6d5a51298f..1d902da917 100644
--- a/docs/source/markdown/podman-image-scp.1.md
+++ b/docs/source/markdown/podman-image-scp.1.md
@@ -8,7 +8,7 @@ podman-image-scp - Securely copy an image from one host to another
 
 ## DESCRIPTION
 **podman image scp** copies container images between hosts on a network. You can load to the remote host or from the remote host as well as in between two remote hosts.
-Note: `::` is used to specify the image name depending on if you are saving or loading. Images can also be transferred from rootfull to rootless storage on the same machine without using sshd. This feature is not supported on the remote client, including Mac and Windows (excluding WSL2) machines.
+Note: `::` is used to specify the image name depending on if you are saving or loading. Images can also be transferred from rootful to rootless storage on the same machine without using sshd. This feature is not supported on the remote client, including Mac and Windows (excluding WSL2) machines.
 
 **podman image scp [GLOBAL OPTIONS]**
 
diff --git a/docs/source/markdown/podman-machine-init.1.md b/docs/source/markdown/podman-machine-init.1.md
index e42c5025ba..33947bbbaf 100644
--- a/docs/source/markdown/podman-machine-init.1.md
+++ b/docs/source/markdown/podman-machine-init.1.md
@@ -59,9 +59,9 @@ Memory (in MB).
 
 Start the virtual machine immediately after it has been initialized.
 
-#### **--rootfull**=*true|false*
+#### **--rootful**=*true|false*
 
-Whether this machine should prefer rootfull (`true`) or rootless (`false`)
+Whether this machine should prefer rootful (`true`) or rootless (`false`)
 container execution. This option will also determine the remote connection default
 if there is no existing remote connection configurations.
 
@@ -95,7 +95,7 @@ Driver to use for mounting volumes from the host, such as `virtfs`.
 ```
 $ podman machine init
 $ podman machine init myvm
-$ podman machine init --rootfull
+$ podman machine init --rootful
 $ podman machine init --disk-size 50
 $ podman machine init --memory=1024 myvm
 $ podman machine init -v /Users:/mnt/Users
diff --git a/docs/source/markdown/podman-machine-set.1.md b/docs/source/markdown/podman-machine-set.1.md
index e69a7dc14a..a4918eacf0 100644
--- a/docs/source/markdown/podman-machine-set.1.md
+++ b/docs/source/markdown/podman-machine-set.1.md
@@ -19,39 +19,39 @@ subset can be changed after machine initialization.
 
 Print usage statement.
 
-#### **--rootfull**=*true|false*
+#### **--rootful**=*true|false*
 
-Whether this machine should prefer rootfull (`true`) or rootless (`false`)
+Whether this machine should prefer rootful (`true`) or rootless (`false`)
 container execution. This option will also update the current podman
 remote connection default if it is currently pointing at the specified
 machine name (or `podman-machine-default` if no name is specified).
 
 Unlike [**podman system connection default**](podman-system-connection-default.1.md)
-this option will also make the API socket, if available, forward to the rootfull/rootless
+this option will also make the API socket, if available, forward to the rootful/rootless
 socket in the VM.
 
 ## EXAMPLES
 
-To switch the default VM `podman-machine-default` from rootless to rootfull:
+To switch the default VM `podman-machine-default` from rootless to rootful:
 
 ```
-$ podman machine set --rootfull
+$ podman machine set --rootful
 ```
 
 or more explicitly:
 
 ```
-$ podman machine set --rootfull=true
+$ podman machine set --rootful=true
 ```
 
-To switch the default VM `podman-machine-default` from rootfull to rootless:
+To switch the default VM `podman-machine-default` from rootful to rootless:
 ```
-$ podman machine set --rootfull=false
+$ podman machine set --rootful=false
 ```
 
-To switch the VM `myvm` from rootless to rootfull:
+To switch the VM `myvm` from rootless to rootful:
 ```
-$ podman machine set --rootfull myvm
+$ podman machine set --rootful myvm
 ```
 
 ## SEE ALSO
diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go
index 4b1203dc3e..4a0ef0b3a6 100644
--- a/libpod/networking_slirp4netns.go
+++ b/libpod/networking_slirp4netns.go
@@ -210,7 +210,7 @@ func createBasicSlirp4netnsCmdArgs(options *slirp4netnsNetworkOptions, features
 	return cmdArgs, nil
 }
 
-// setupSlirp4netns can be called in rootfull as well as in rootless
+// setupSlirp4netns can be called in rootful as well as in rootless
 func (r *Runtime) setupSlirp4netns(ctr *Container, netns ns.NetNS) error {
 	path := r.config.Engine.NetworkCmdPath
 	if path == "" {
diff --git a/pkg/bindings/README.md b/pkg/bindings/README.md
index 713adb1047..ebc8a13d1b 100644
--- a/pkg/bindings/README.md
+++ b/pkg/bindings/README.md
@@ -9,7 +9,7 @@ The bindings require that the Podman system service is running for the specified
 by calling the service directly.
 
 ### Starting the service with system
-The command to start the Podman service differs slightly depending on the user that is running the service.  For a rootfull service,
+The command to start the Podman service differs slightly depending on the user that is running the service.  For a rootful service,
 start the service like this:
 ```
 # systemctl start podman.socket
@@ -26,7 +26,7 @@ It can be handy to run the system service manually.  Doing so allows you to enab
 $ podman --log-level=debug system service -t0
 ```
 If you do not provide a specific path for the socket, a default is provided.  The location of that socket for
-rootfull connections is `/run/podman/podman.sock` and for rootless it is `/run/USERID#/podman/podman.sock`. For more
+rootful connections is `/run/podman/podman.sock` and for rootless it is `/run/USERID#/podman/podman.sock`. For more
 information about the Podman system service, see `man podman-system-service`.
 
 ### Creating a connection
@@ -35,7 +35,7 @@ as they will be required to compile a Go program making use of the bindings.
 
 
 The first step for using the bindings is to create a connection to the socket.  As mentioned earlier, the destination
-of the socket depends on the user who owns it. In this case, a rootfull connection is made.
+of the socket depends on the user who owns it. In this case, a rootful connection is made.
 
 ```
 import (
@@ -59,7 +59,7 @@ The `conn` variable returned from the `bindings.NewConnection` function can then
 to interact with containers.
 
 ### Examples
-The following examples build upon the connection example from above.  They are all rootfull connections as well.
+The following examples build upon the connection example from above.  They are all rootful connections as well.
 
 Note: Optional arguments to the bindings methods are set using With*() methods on *Option structures.
 Composite types are not duplicated rather the address is used. As such, you should not change an underlying
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 43440b5945..74478b26dc 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -367,7 +367,7 @@ func (ir *ImageEngine) Transfer(ctx context.Context, source entities.ImageScpOpt
 	if rootless.IsRootless() && (len(dest.User) == 0 || dest.User == "root") { // if we are rootless and do not have a destination user we can just use sudo
 		return transferRootless(source, dest, podman, parentFlags)
 	}
-	return transferRootfull(source, dest, podman, parentFlags)
+	return transferRootful(source, dest, podman, parentFlags)
 }
 
 func (ir *ImageEngine) Tag(ctx context.Context, nameOrID string, tags []string, options entities.ImageTagOptions) error {
@@ -785,8 +785,8 @@ func transferRootless(source entities.ImageScpOptions, dest entities.ImageScpOpt
 	return cmdLoad.Run()
 }
 
-// transferRootfull creates new podman processes using exec.Command and a new uid/gid alongside a cleared environment
-func transferRootfull(source entities.ImageScpOptions, dest entities.ImageScpOptions, podman string, parentFlags []string) error {
+// TransferRootful creates new podman processes using exec.Command and a new uid/gid alongside a cleared environment
+func transferRootful(source entities.ImageScpOptions, dest entities.ImageScpOptions, podman string, parentFlags []string) error {
 	basicCommand := []string{podman}
 	basicCommand = append(basicCommand, parentFlags...)
 	saveCommand := append(basicCommand, "save")
diff --git a/pkg/machine/config.go b/pkg/machine/config.go
index 5dc5f61050..6c2fab0e57 100644
--- a/pkg/machine/config.go
+++ b/pkg/machine/config.go
@@ -28,7 +28,7 @@ type InitOptions struct {
 	URI          url.URL
 	Username     string
 	ReExec       bool
-	Rootfull     bool
+	Rootful      bool
 	// The numerical userid of the user that called machine
 	UID string
 }
@@ -95,7 +95,7 @@ type ListResponse struct {
 }
 
 type SetOptions struct {
-	Rootfull bool
+	Rootful bool
 }
 
 type SSHOptions struct {
diff --git a/pkg/machine/qemu/config.go b/pkg/machine/qemu/config.go
index e9416dc36b..7340de6047 100644
--- a/pkg/machine/qemu/config.go
+++ b/pkg/machine/qemu/config.go
@@ -57,8 +57,8 @@ type MachineVMV1 struct {
 	QMPMonitor Monitorv1
 	// RemoteUsername of the vm user
 	RemoteUsername string
-	// Whether this machine should run in a rootfull or rootless manner
-	Rootfull bool
+	// Whether this machine should run in a rootful or rootless manner
+	Rootful bool
 	// UID is the numerical id of the user that called machine
 	UID int
 }
@@ -99,8 +99,8 @@ type ImageConfig struct {
 
 // HostUser describes the host user
 type HostUser struct {
-	// Whether this machine should run in a rootfull or rootless manner
-	Rootfull bool
+	// Whether this machine should run in a rootful or rootless manner
+	Rootful bool
 	// UID is the numerical id of the user that called machine
 	UID int
 }
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index 66f5291c1e..c57fa32fb6 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -204,7 +204,7 @@ func migrateVM(configPath string, config []byte, vm *MachineVM) error {
 	vm.QMPMonitor = qmpMonitor
 	vm.ReadySocket = readySocket
 	vm.RemoteUsername = old.RemoteUsername
-	vm.Rootfull = old.Rootfull
+	vm.Rootful = old.Rootful
 	vm.UID = old.UID
 
 	// Backup the original config file
@@ -258,7 +258,7 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
 	)
 	sshDir := filepath.Join(homedir.Get(), ".ssh")
 	v.IdentityPath = filepath.Join(sshDir, v.Name)
-	v.Rootfull = opts.Rootfull
+	v.Rootful = opts.Rootful
 
 	switch opts.ImagePath {
 	case Testing, Next, Stable, "":
@@ -356,8 +356,8 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
 		names := []string{v.Name, v.Name + "-root"}
 
 		// The first connection defined when connections is empty will become the default
-		// regardless of IsDefault, so order according to rootfull
-		if opts.Rootfull {
+		// regardless of IsDefault, so order according to rootful
+		if opts.Rootful {
 			uris[0], names[0], uris[1], names[1] = uris[1], names[1], uris[0], names[0]
 		}
 
@@ -435,7 +435,7 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
 }
 
 func (v *MachineVM) Set(_ string, opts machine.SetOptions) error {
-	if v.Rootfull == opts.Rootfull {
+	if v.Rootful == opts.Rootful {
 		return nil
 	}
 
@@ -459,7 +459,7 @@ func (v *MachineVM) Set(_ string, opts machine.SetOptions) error {
 
 	if changeCon {
 		newDefault := v.Name
-		if opts.Rootfull {
+		if opts.Rootful {
 			newDefault += "-root"
 		}
 		if err := machine.ChangeDefault(newDefault); err != nil {
@@ -467,7 +467,7 @@ func (v *MachineVM) Set(_ string, opts machine.SetOptions) error {
 		}
 	}
 
-	v.Rootfull = opts.Rootfull
+	v.Rootful = opts.Rootful
 	return v.writeConfig()
 }
 
@@ -1117,7 +1117,7 @@ func (v *MachineVM) setupAPIForwarding(cmd []string) ([]string, string, apiForwa
 	destSock := fmt.Sprintf("/run/user/%d/podman/podman.sock", v.UID)
 	forwardUser := "core"
 
-	if v.Rootfull {
+	if v.Rootful {
 		destSock = "/run/podman/podman.sock"
 		forwardUser = "root"
 	}
@@ -1323,11 +1323,11 @@ func (v *MachineVM) waitAPIAndPrintInfo(forwardState apiForwardingState, forward
 	}
 
 	waitAndPingAPI(forwardSock)
-	if !v.Rootfull {
+	if !v.Rootful {
 		fmt.Printf("\nThis machine is currently configured in rootless mode. If your containers\n")
 		fmt.Printf("require root permissions (e.g. ports < 1024), or if you run into compatibility\n")
 		fmt.Printf("issues with non-podman clients, you can switch using the following command: \n")
-		fmt.Printf("\n\tpodman machine set --rootfull%s\n\n", suffix)
+		fmt.Printf("\n\tpodman machine set --rootful%s\n\n", suffix)
 	}
 
 	fmt.Printf("API forwarding listening on: %s\n", forwardSock)
diff --git a/pkg/machine/wsl/machine.go b/pkg/machine/wsl/machine.go
index dc3f33fa76..dff7bfef95 100644
--- a/pkg/machine/wsl/machine.go
+++ b/pkg/machine/wsl/machine.go
@@ -165,8 +165,8 @@ type MachineVM struct {
 	Port int
 	// RemoteUsername of the vm user
 	RemoteUsername string
-	// Whether this machine should run in a rootfull or rootless manner
-	Rootfull bool
+	// Whether this machine should run in a rootful or rootless manner
+	Rootful bool
 }
 
 type ExitCodeError struct {
@@ -232,7 +232,7 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
 	homeDir := homedir.Get()
 	sshDir := filepath.Join(homeDir, ".ssh")
 	v.IdentityPath = filepath.Join(sshDir, v.Name)
-	v.Rootfull = opts.Rootfull
+	v.Rootful = opts.Rootful
 
 	if err := downloadDistro(v, opts); err != nil {
 		return false, err
@@ -316,8 +316,8 @@ func setupConnections(v *MachineVM, opts machine.InitOptions, sshDir string) err
 	names := []string{v.Name, v.Name + "-root"}
 
 	// The first connection defined when connections is empty will become the default
-	// regardless of IsDefault, so order according to rootfull
-	if opts.Rootfull {
+	// regardless of IsDefault, so order according to rootful
+	if opts.Rootful {
 		uris[0], names[0], uris[1], names[1] = uris[1], names[1], uris[0], names[0]
 	}
 
@@ -733,7 +733,7 @@ func pipeCmdPassThrough(name string, input string, arg ...string) error {
 }
 
 func (v *MachineVM) Set(name string, opts machine.SetOptions) error {
-	if v.Rootfull == opts.Rootfull {
+	if v.Rootful == opts.Rootful {
 		return nil
 	}
 
@@ -744,7 +744,7 @@ func (v *MachineVM) Set(name string, opts machine.SetOptions) error {
 
 	if changeCon {
 		newDefault := v.Name
-		if opts.Rootfull {
+		if opts.Rootful {
 			newDefault += "-root"
 		}
 		if err := machine.ChangeDefault(newDefault); err != nil {
@@ -752,7 +752,7 @@ func (v *MachineVM) Set(name string, opts machine.SetOptions) error {
 		}
 	}
 
-	v.Rootfull = opts.Rootfull
+	v.Rootful = opts.Rootful
 	return v.writeConfig()
 }
 
@@ -768,7 +768,7 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
 		return errors.Wrap(err, "WSL bootstrap script failed")
 	}
 
-	if !v.Rootfull {
+	if !v.Rootful {
 		fmt.Printf("\nThis machine is currently configured in rootless mode. If your containers\n")
 		fmt.Printf("require root permissions (e.g. ports < 1024), or if you run into compatibility\n")
 		fmt.Printf("issues with non-podman clients, you can switch using the following command: \n")
@@ -777,7 +777,7 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
 		if name != machine.DefaultMachineName {
 			suffix = " " + name
 		}
-		fmt.Printf("\n\tpodman machine set --rootfull%s\n\n", suffix)
+		fmt.Printf("\n\tpodman machine set --rootful%s\n\n", suffix)
 	}
 
 	globalName, pipeName, err := launchWinProxy(v)
@@ -833,7 +833,7 @@ func launchWinProxy(v *MachineVM) (bool, string, error) {
 	destSock := "/run/user/1000/podman/podman.sock"
 	forwardUser := v.RemoteUsername
 
-	if v.Rootfull {
+	if v.Rootful {
 		destSock = "/run/podman/podman.sock"
 		forwardUser = "root"
 	}
diff --git a/rootless.md b/rootless.md
index d485290f2b..39c961d2a6 100644
--- a/rootless.md
+++ b/rootless.md
@@ -18,7 +18,7 @@ can easily fail
 * Some system unit configuration options do not work in the rootless container
   * systemd fails to apply several options and failures are silently ignored (e.g. CPUShares, MemoryLimit). Should work on cgroup V2.
   * Use of certain options will cause service startup failures (e.g. PrivateNetwork).  The systemd services requiring `PrivateNetwork` can be made to work by passing `--cap-add SYS_ADMIN`, but the security implications should be carefully evaluated.  In most cases, it's better to create an override.conf drop-in that sets `PrivateNetwork=no`.  This also applies to containers run by root.
-* Can not share container images with CRI-O or other rootfull users
+* Can not share container images with CRI-O or other rootful users
 * Difficult to use additional stores for sharing content
 * Does not work on NFS or parallel filesystem homedirs (e.g. [GPFS](https://www.ibm.com/support/knowledgecenter/en/SSFKCN/gpfs_welcome.html))
   * NFS and parallel filesystems enforce file creation on different UIDs on the server side and does not understand User Namespace.
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go
index 4cfaa9a2e4..3987746d08 100644
--- a/test/e2e/exec_test.go
+++ b/test/e2e/exec_test.go
@@ -123,7 +123,7 @@ var _ = Describe("Podman exec", func() {
 	})
 
 	It("podman exec in keep-id container drops privileges", func() {
-		SkipIfNotRootless("This function is not enabled for rootfull podman")
+		SkipIfNotRootless("This function is not enabled for rootful podman")
 		ctrName := "testctr1"
 		testCtr := podmanTest.Podman([]string{"run", "-d", "--name", ctrName, "--userns=keep-id", ALPINE, "top"})
 		testCtr.WaitWithDefaultTimeout()
diff --git a/test/e2e/mount_rootless_test.go b/test/e2e/mount_rootless_test.go
index 830c2dcda4..30d7ce8a93 100644
--- a/test/e2e/mount_rootless_test.go
+++ b/test/e2e/mount_rootless_test.go
@@ -17,7 +17,7 @@ var _ = Describe("Podman mount", func() {
 	)
 
 	BeforeEach(func() {
-		SkipIfNotRootless("This function is not enabled for rootfull podman")
+		SkipIfNotRootless("This function is not enabled for rootful podman")
 		SkipIfRemote("Podman mount not supported for remote connections")
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go
index a7981a4d88..89a9005f5e 100644
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@@ -254,7 +254,7 @@ var _ = Describe("Podman network", func() {
 
 		expectedNetworks := []string{name}
 		if !rootless.IsRootless() {
-			// rootfull image contains "podman/cni/87-podman-bridge.conflist" for "podman" network
+			// rootful image contains "podman/cni/87-podman-bridge.conflist" for "podman" network
 			expectedNetworks = append(expectedNetworks, "podman")
 		}
 		session := podmanTest.Podman(append([]string{"network", "inspect"}, expectedNetworks...))
diff --git a/test/system/270-socket-activation.bats b/test/system/270-socket-activation.bats
index 19f68abdd1..6d582be180 100644
--- a/test/system/270-socket-activation.bats
+++ b/test/system/270-socket-activation.bats
@@ -90,7 +90,7 @@ function teardown() {
 
 @test "podman system service - socket activation - kill rootless pause" {
     if ! is_rootless; then
-        skip "there is no pause process when running rootfull"
+        skip "there is no pause process when running rootful"
     fi
     run_podman run -d $IMAGE sleep 90
     cid="$output"
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 1a1dc0df9a..b41be53bcb 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -483,7 +483,7 @@ function skip_if_root_ubuntu {
     if is_ubuntu; then
         if ! is_remote; then
             if ! is_rootless; then
-                 skip "Cannot run this test on rootfull ubuntu, usually due to user errors"
+                 skip "Cannot run this test on rootful ubuntu, usually due to user errors"
             fi
         fi
     fi

From a615cb2fe22dbfb3ec0acc0e60d8f849301c3aac Mon Sep 17 00:00:00 2001
From: Ashley Cui 
Date: Mon, 25 Apr 2022 11:36:16 -0400
Subject: [PATCH 2/2] Docs rootfull -> rootful

Some docs say roofull. Change to rootful.

[NO NEW TESTS NEEDED]

Signed-off-by: Ashley Cui 
---
 docs/source/markdown/podman-build.1.md        |  4 ++--
 docs/source/markdown/podman-create.1.md       |  8 ++++----
 .../markdown/podman-network-reload.1.md       |  2 +-
 docs/source/markdown/podman-play-kube.1.md    |  4 ++--
 docs/source/markdown/podman-pod-create.1.md   |  4 ++--
 docs/source/markdown/podman-pull.1.md         |  2 +-
 docs/source/markdown/podman-run.1.md          |  8 ++++----
 .../markdown/podman-system-service.1.md       |  2 +-
 docs/tutorials/basic_networking.md            | 20 +++++++++----------
 test/system/500-networking.bats               |  2 +-
 test/system/helpers.bash                      |  2 +-
 11 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index 86801c72f3..bd1e673b83 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -685,7 +685,7 @@ suitable group name to use as the default setting for this option.
 
 **NOTE:** When this option is specified by a rootless user, the specified
 mappings are relative to the rootless user namespace in the container, rather
-than being relative to the host as it would be when run rootfull.
+than being relative to the host as it would be when run rootful.
 
 #### **--userns-uid-map**=*mapping*
 
@@ -721,7 +721,7 @@ suitable user name to use as the default setting for this option.
 
 **NOTE:** When this option is specified by a rootless user, the specified
 mappings are relative to the rootless user namespace in the container, rather
-than being relative to the host as it would be when run rootfull.
+than being relative to the host as it would be when run rootful.
 
 #### **--uts**=*how*
 
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 15ae28dc34..c63e8814b8 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -704,7 +704,7 @@ Set the network mode for the container. Invalid if using **--dns**, **--dns-opt*
 
 Valid _mode_ values are:
 
-- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootfull containers. It is possible to specify these additional options:
+- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
   - **alias=name**: Add network-scoped alias for the container.
   - **ip=IPv4**: Specify a static ipv4 address for this container.
   - **ip=IPv6**: Specify a static ipv6 address for this container.
@@ -717,7 +717,7 @@ Valid _mode_ values are:
 - **container:**_id_: Reuse another container's network stack.
 - **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
 - **ns:**_path_: Path to a network namespace to join.
-- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootfull containers and **slirp4netns** for rootless ones.
+- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
 - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
   - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
   - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
@@ -1118,8 +1118,8 @@ option conflicts with the **--userns** and **--subuidname** options. This
 option provides a way to map host UIDs to container UIDs. It can be passed
 several times to map different ranges.
 
-The _from_uid_ value is based upon the user running the command, either rootfull or rootless users.
-* rootfull user:  *container_uid*:*host_uid*:*amount*
+The _from_uid_ value is based upon the user running the command, either rootful or rootless users.
+* rootful user:  *container_uid*:*host_uid*:*amount*
 * rootless user: *container_uid*:*intermediate_uid*:*amount*
 
 When **podman create** is called by a privileged user, the option **--uidmap**
diff --git a/docs/source/markdown/podman-network-reload.1.md b/docs/source/markdown/podman-network-reload.1.md
index 5cbe9b9bf4..31d10829e8 100644
--- a/docs/source/markdown/podman-network-reload.1.md
+++ b/docs/source/markdown/podman-network-reload.1.md
@@ -9,7 +9,7 @@ podman\-network\-reload - Reload network configuration for containers
 ## DESCRIPTION
 Reload one or more container network configurations.
 
-Rootfull Podman relies on iptables rules in order to provide network connectivity. If the iptables rules are deleted,
+Rootful Podman relies on iptables rules in order to provide network connectivity. If the iptables rules are deleted,
 this happens for example with `firewall-cmd --reload`, the container loses network connectivity. This command restores
 the network connectivity.
 
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index 8b56d109ae..8ed71b734c 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -188,7 +188,7 @@ Note: When joining multiple networks you should use the **--network name:mac=\