Skip to content

Commit

Permalink
Merge pull request containers#14280 from vrothberg/4.1-backport
Browse files Browse the repository at this point in the history
[v4.1] [BZ #2083997] pod: build pause image in custom user NS
  • Loading branch information
openshift-merge-robot authored May 18, 2022
2 parents 1cb638c + fe29196 commit 12d30e6
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 0 deletions.
6 changes: 6 additions & 0 deletions pkg/specgen/generate/pod_create.go
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,12 @@ ENTRYPOINT ["/catatonit", "-P"]`, catatonitPath)
Quiet: true,
IgnoreFile: "/dev/null", // makes sure to not read a local .ignorefile (see #13529)
IIDFile: "/dev/null", // prevents Buildah from writing the ID on stdout
IDMappingOptions: &buildahDefine.IDMappingOptions{
// Use the host UID/GID mappings for the build to avoid issues when
// running with a custom mapping (BZ #2083997).
HostUIDMapping: true,
HostGIDMapping: true,
},
}
if _, _, err := rt.Build(context.Background(), buildOptions, tmpF.Name()); err != nil {
return "", err
Expand Down
13 changes: 13 additions & 0 deletions test/system/170-run-userns.bats
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,19 @@ function _require_crun() {
is "$output" ".*457" "Check group leaked into container"
}

@test "rootful pod with custom ID mapping" {
skip_if_rootless "does not work rootless - rootful feature"
skip_if_remote "remote --uidmap is broken (see #14233)"
random_pod_name=$(random_string 30)
run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name
run_podman pod start $random_pod_name

# Remove the pod and the pause image
run_podman pod rm $random_pod_name
run_podman version --format "{{.Server.Version}}-{{.Server.Built}}"
run_podman rmi -f localhost/podman-pause:$output
}

@test "podman --remote --group-add keep-groups " {
if is_remote; then
run_podman 125 run --rm --group-add keep-groups $IMAGE id
Expand Down

0 comments on commit 12d30e6

Please sign in to comment.