Commit

Simplify code by taking advantage of 'podman create --userns=keep-id'
This lets podman do the calculations for mapping the host UID into the
user namespace within the container. See cfcf4eb for original
context.

The '--userns=keep-id' option was introduced in Podman 1.4.0, which is
old enough to be in even RHEL 7.

https://github.com/debarshiray/toolbox/issues/244
dustymabe authored and debarshiray committed Sep 4, 2019
1 parent 5e63e9e commit f152426
Showing 1 changed file with 1 addition and 7 deletions.
8 changes: 1 addition & 7 deletions toolbox
Expand Up @@ -751,10 +751,6 @@ create()
toolbox_profile_bind="--volume /etc/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro"
fi

max_uid_count=65536
max_minus_uid=$((max_uid_count - user_id_real))
uid_plus_one=$((user_id_real + 1))

if ! home_canonical=$(readlink --canonicalize "$HOME" 2>&3); then
echo "$base_toolbox_command: failed to canonicalize $HOME" >&2
return 1
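Review bot: With max_uid_count, max_minus_uid and uid_plus_one dropped from create(), please confirm that nothing outside this diff still reads them; the only uses visible here are the --uidmap arguments in the second hunk. It is also worth checking whether user_id_real is still needed in create() once those arguments are gone, since leaving an unused variable behind would undercut the simplification.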
Expand Down Expand Up @@ -806,9 +802,7 @@ create()
--pid host \
--privileged \
--security-opt label=disable \
--uidmap "$user_id_real":0:1 \
--uidmap 0:1:"$user_id_real" \
--uidmap "$uid_plus_one":"$uid_plus_one":"$max_minus_uid" \
--userns=keep-id \
--user root:root \
$kcm_socket_bind \
$toolbox_path_bind \
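Review bot: The --userns=keep-id argument in this podman create call depends on Podman 1.4.0 or later (per the commit message), but nothing in the hunk checks or documents that minimum, so an older Podman would reject the option at create time instead of toolbox reporting a clear error. Consider a version check before the call, or state the minimum version in the documentation. Separately, the three lines it replaces set only --uidmap, while keep-id maps the user's GID as well as the UID; the commit message should say whether any change in the GID mapping is intended, given that the container still runs with --privileged and --security-opt label=disable.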