diff --git a/docs/source/markdown/options/userns.container.md b/docs/source/markdown/options/userns.container.md
index 7c0c68f657..6c24f0aa69 100644
--- a/docs/source/markdown/options/userns.container.md
+++ b/docs/source/markdown/options/userns.container.md
@@ -4,7 +4,7 @@
 ####> are applicable to all of those.
 #### **--userns**=*mode*
 
-Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with the **--uidmap** and **--gidmap** options.
+Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable unless `--pod` is specified. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with the **--uidmap** and **--gidmap** options.
 
 This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**.
 
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 903232e448..16c1b30810 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -220,9 +220,9 @@ func setNamespaces(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions)
 return err
 }
 }
- userns := os.Getenv("PODMAN_USERNS")
- if c.UserNS != "" {
- userns = c.UserNS
+ userns := c.UserNS
+ if userns == "" && c.Pod == "" {
+ userns = os.Getenv("PODMAN_USERNS")
 }
 // userns must be treated differently
 if userns != "" {
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index 4f4aa80b92..3d744ae5d1 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
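Review bot: The new guard `if userns == "" && c.Pod == ""` in setNamespaces (pkg/specgenutil/specgen.go) silently drops PODMAN_USERNS whenever a pod is named, and nothing at this site explains why. The user namespace is an isolation boundary, so an operator who exports PODMAN_USERNS as a hardening default gets no signal that a `--pod` container skips it and presumably inherits whatever user namespace the pod has. A comment such as `// A container joining a pod uses the pod's user namespace, so the PODMAN_USERNS default must not be applied.`, plus a debug log when the variable is set but ignored, would make that visible. The check looks only at c.Pod; if a pod can be selected through another option (for example `--pod-id-file`) without c.Pod being populated before this point, the environment default would still apply there, which is worth confirming. setNamespaces starts and ends outside the hunk.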
@@ -395,6 +395,11 @@ var _ = Describe("Podman UserNS support", func() {
 inspect.WaitWithDefaultTimeout()
 Expect(inspect.OutputToString()).To(Not(Equal("")))
 
+ // --pod should work.
+ result = podmanTest.Podman([]string{"create", "--pod=new:new-pod", ALPINE, "true"})
+ result.WaitWithDefaultTimeout()
+ Expect(result).Should(Exit(0))
+
 if IsRemote() {
 podmanTest.RestartRemoteService()
 }
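Review bot: The added `--pod` case asserts only `Expect(result).Should(Exit(0))`, so it would still pass if PODMAN_USERNS were applied to the pod container without producing an error. Whether the variable is set at this point is not visible in the hunk; if it is, giving the container a `--name` and inspecting it to confirm that no user-namespace mode from the environment was recorded would pin the behaviour the specgen change intends. The comment `// --pod should work.` could also say what is being guarded, e.g. `// PODMAN_USERNS must be ignored when the container joins a pod.` The enclosing spec starts and ends outside the hunk.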