Quadlet - Support setting UID and GID for --userns=keep-id #17961

Merged

ygalblum
Contributor

Does this PR introduce a user-facing change?

Yes

Quadlet - Support setting UID and GID for --userns=keep-id

Resolves: #17908

Some keys are available only for user scope while there are no keys that
are supported only for system. So, better to run in user scope

Signed-off-by: Ygal Blum <[email protected]>
@openshift-ci
Contributor

openshift-ci bot commented Mar 28, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ygalblum

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 28, 2023
Member

@vrothberg vrothberg left a comment

LGTM
@giuseppe @rhatdan PTAL

@rhatdan
Member

rhatdan commented Mar 28, 2023

Why not just support
RemapUsers=keep-id:uid=100:gid200?

I would rather just see us support this syntax than adding the new Remap classes.

@giuseppe WDYT?

@ygalblum
Contributor Author

Why not just support
RemapUsers=keep-id:uid=100:gid200?

Initially that's what I implemented. But, then I looked at how RemapUsers=auto is implemented (using KeyRemapUID and KeyRemapGID) and decided to align with the same convention

@vrothberg
Member

Why not just support
RemapUsers=keep-id:uid=100:gid200?

Initially that's what I implemented. But, then I looked at how RemapUsers=auto is implemented (using KeyRemapUID and KeyRemapGID) and decided to align with the same convention

SGTM +1

@giuseppe
Member

Initially that's what I implemented. But, then I looked at how RemapUsers=auto is implemented (using KeyRemapUID and KeyRemapGID) and decided to align with the same convention

I am fine this way if you prefer it, my only concern is that it makes it more difficult to extend the feature in the future if we decide to add more options to keep-id. For example, userns=auto supports already quite a few knobs, would these need to be exposed as well?

@ygalblum
Contributor Author

For example, userns=auto supports already quite a few knobs, would these need to be exposed as well?

Quadlet does not have a key that is a one-to-one assignment to the userns argument. So, yes, additional knobs would require new keys.

Keep in mind that the initial thought was that Quadlet would not provide a dedicated key for each and every podman run argument or value. Instead, the Container section supports a PodmanArgs key that is passed as is to podman run.
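
The key-based design discussed above, as an added Go sketch (not code from this PR or from Podman): it folds RemapUsers=keep-id plus at most one UID and one GID value into a single --userns argument and rejects anything that is not a plain numeric ID. The function name, the single-value rule and the sample IDs are assumptions; the comma-separated keep-id:uid=...,gid=... form is Podman's --userns syntax.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// usernsKeepID builds the value for podman's --userns flag from the values of
// RemapUsers and the UID/GID remap keys. Hypothetical helper written for this
// example; it is not Quadlet's implementation.
func usernsKeepID(remapUsers string, remapUID, remapGID []string) (string, error) {
	if remapUsers != "keep-id" {
		return "", fmt.Errorf("unsupported RemapUsers value %q", remapUsers)
	}
	opts := []string{}
	for _, kv := range []struct {
		name   string
		values []string
	}{{"uid", remapUID}, {"gid", remapGID}} {
		switch len(kv.values) {
		case 0:
			continue // key not set in the unit file
		case 1:
			// Accept only a plain 32-bit ID, so a value such as
			// "1000,size=65536" cannot add further userns options.
			if _, err := strconv.ParseUint(kv.values[0], 10, 32); err != nil {
				return "", fmt.Errorf("%s: %q is not a numeric ID", kv.name, kv.values[0])
			}
			opts = append(opts, kv.name+"="+kv.values[0])
		default:
			// Assumed rule: keep-id maps the invoking user to one ID only.
			return "", fmt.Errorf("%s: keep-id takes a single value, got %d", kv.name, len(kv.values))
		}
	}
	if len(opts) == 0 {
		return "keep-id", nil
	}
	return "keep-id:" + strings.Join(opts, ","), nil
}

func main() {
	// Constructed sample values.
	v, err := usernsKeepID("keep-id", []string{"1000"}, []string{"2000"})
	fmt.Println(v, err)
}
```
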

@rhatdan
Member

rhatdan commented Mar 29, 2023

Right, my concern is we see an explosion of keys, which is what we are starting to see.

@rhatdan
Member

rhatdan commented Mar 29, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 29, 2023
@openshift-merge-robot openshift-merge-robot merged commit 60d16d9 into containers:main Mar 29, 2023
@vrothberg
Member

Should we revisit this design decision and just add a UserNS key and deprecate/remove the other ones?

The --userns flag is already something very advanced, so it may be more complicated for users having to decompose the --userns arguments into multiple Quadlet fields.

@giuseppe
Member

I agree, let's avoid another abstraction

@ygalblum
Contributor Author

Let's continue the discussion in the new issue I opened: #17984

@ygalblum ygalblum deleted the quadlet-remap-keepid-map branch March 30, 2023 12:50
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 4, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 4, 2023
Development

Successfully merging this pull request may close these issues.

Quadlet: Support keep-id options in RemapUsers
5 participants