This repository has been archived by the owner on May 2, 2024. It is now read-only.

Issue: #399 Update mod.rs, quickfix workaround #400

Open
wants to merge 4 commits into
base: main

johne8 (Contributor) commented Nov 14, 2023

Workaround for issue #399
allow podman to run with --userns=keep-id

allow podman to run with --userns=keep-id
@johne8 johne8 requested a review from a team as a code owner November 14, 2023 23:03

codecov bot commented Nov 14, 2023

Codecov Report

Attention: 7 lines in your changes are missing coverage. Please review.

Comparison is base (8b04ff2) 83.23% compared to head (941b339) 83.10%.

| Files | Patch % | Lines |
|---|---|---|
| nss/src/cache/mod.rs | 74.07% | 5 Missing and 2 partials ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #400      +/-   ##
==========================================
- Coverage   83.23%   83.10%   -0.13%     
==========================================
  Files          36       36              
  Lines        2964     2983      +19     
  Branches      279      288       +9     
==========================================
+ Hits         2467     2479      +12     
- Misses        377      382       +5     
- Partials      120      122       +2     


didrocks (Member) left a comment

@johne8: thanks for looking at this and helping to figure out your issue with podman!

I don’t really like that we hardcode the ownership integer value of nobody, which can vary depending on the distribution and user config.

Secondly, this check is to ensure the integrity of the database and poking a hole there doesn’t seem like the right solution. I think looking at the user namespace mapping might help there to ensure that in the parent namespace, the uid/gid still match the expectations, wdyt?

johne8 (Contributor Author) commented Nov 17, 2023

> @johne8: thanks for looking at this and helping to figure out your issue with podman!
>
> I don’t really like that we hardcode the ownership integer value of nobody, which can vary depending on the distribution and user config.
>
> Secondly, this check is to ensure the integrity of the database and poking a hole there doesn’t seem like the right solution. I think looking at the user namespace mapping might help there to ensure that in the parent namespace, the uid/gid still match the expectations, wdyt?

hmm, I'm not too familiar with namespaces. The best thing I can think of currently is reading the values of: /proc/sys/kernel/overflowuid and /proc/sys/kernel/overflowgid, then check if the uid and gid owner matches that.
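
The two approaches raised in this thread (translating the owner through the user namespace mapping, and comparing it with the kernel's overflow id), as an added example that is not part of this PR or of the aad-auth code base. Type and function names are hypothetical, and the map text is a constructed sample shaped like a rootless `--userns=keep-id` mapping.

```rust
// Added example: type and function names are hypothetical, not aad-auth code.
/// One uid_map line: "<id inside ns> <id in parent ns> <length>".
#[derive(Debug, PartialEq)]
struct IdRange { inside: u32, outside: u32, count: u32 }

#[derive(Debug, PartialEq)]
enum Owner {
    Parent(u32), // owner translates to this id in the parent namespace
    Unmapped,    // the reported id has no mapping in this namespace
    Ambiguous,   // reported as the overflow id, which is itself mapped
}

/// Parse the text of /proc/self/uid_map; None if any line is malformed.
fn parse_id_map(text: &str) -> Option<Vec<IdRange>> {
    text.lines().filter(|l| !l.trim().is_empty()).map(|l| -> Option<IdRange> {
        let mut f = l.split_whitespace().map(|x| x.parse::<u32>().ok());
        let r = IdRange { inside: f.next()??, outside: f.next()??, count: f.next()?? };
        if f.next().is_some() { None } else { Some(r) }
    }).collect()
}

/// Translate an id seen inside the namespace to the parent namespace.
fn to_parent(map: &[IdRange], id: u32) -> Option<u32> {
    map.iter()
        .find(|r| id >= r.inside && id - r.inside < r.count)
        .and_then(|r| r.outside.checked_add(id - r.inside))
}

/// Classify the st_uid that stat() reported for a file.
fn classify_owner(map: &[IdRange], overflow: u32, st_uid: u32) -> Owner {
    // In the initial namespace every id is mapped, so nothing is ambiguous.
    let identity = map.len() == 1 && map[0] == IdRange { inside: 0, outside: 0, count: u32::MAX };
    match to_parent(map, st_uid) {
        Some(p) if identity || st_uid != overflow => Owner::Parent(p),
        Some(_) => Owner::Ambiguous,
        None => Owner::Unmapped,
    }
}

// Constructed samples; real input is /proc/self/uid_map and /proc/sys/kernel/overflowuid.
const KEEP_ID_MAP: &str = "0 100000 1000\n1000 1000 1\n1001 101000 64536\n";
const OVERFLOW_UID: &str = "65534\n";
fn main() {
    let map = parse_id_map(KEEP_ID_MAP).expect("malformed uid_map");
    let overflow: u32 = OVERFLOW_UID.trim().parse().expect("malformed overflowuid");
    for uid in [0, 1000, overflow] {
        println!("st_uid {} -> {:?}", uid, classify_owner(&map, overflow, uid));
    }
}
```

On the constructed map an owner reported as 65534 is `Ambiguous`: the same value is shown for a file whose real owner has no mapping and for a file owned by the parent id that 65534 maps to, so equality with the overflow id does not by itself establish who owns the file in the parent namespace.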

johne8 (Contributor Author) commented Jan 6, 2024

Have you checked out my latest commit? It seems to work fine :)

Also in Ubuntu 22.04 LTS, it seems like UID/GID above 2147483647 (SignedInt) causes issues in gnome.

So needed to add some workaround for this also by reducing the UID of the users that have a UID calculated above that value.
