libpod: handle single user mapped as root

if a single user is mapped in the user namespace, handle it as root.

It is needed for running unprivileged containers with a single user
available without being forced to run with euid and egid set to 0.

Needs: https://github.com/containers/storage/pull/794

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Giuseppe Scrivano 2020-12-22 16:32:04 +01:00
parent 231c528a4d
commit 64571ea0a4
No known key found for this signature in database
GPG Key ID: E4730F97F60286ED
1 changed files with 6 additions and 0 deletions


@ -1012,6 +1012,9 @@ func (c *Container) IDMappings() (storage.IDMappingOptions, error) {
// RootUID returns the root user mapping from container
func (c *Container) RootUID() int {
if len(c.config.IDMappings.UIDMap) == 1 && c.config.IDMappings.UIDMap[0].Size == 1 {
return c.config.IDMappings.UIDMap[0].HostID
}
for _, uidmap := range c.config.IDMappings.UIDMap {
if uidmap.ContainerID == 0 {
return uidmap.HostID
@ -1022,6 +1025,9 @@ func (c *Container) RootUID() int {
// RootGID returns the root user mapping from container
func (c *Container) RootGID() int {
if len(c.config.IDMappings.GIDMap) == 1 && c.config.IDMappings.GIDMap[0].Size == 1 {
return c.config.IDMappings.GIDMap[0].HostID
}
for _, gidmap := range c.config.IDMappings.GIDMap {
if gidmap.ContainerID == 0 {
return gidmap.HostID
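Review bot: The new early return in RootUID, and the matching one in RootGID, never checks `ContainerID`, so for a one-entry, size-1 map it returns a host ID that may belong to a non-root container user, while the doc comment still says the function returns the root user mapping. That matches the commit's stated intent, but any caller that uses these values to decide ownership or privilege on the host (presumably the reason they exist) cannot see the special case from the comment. I would extend both comments, for example `// RootUID returns the host UID mapped to container root; when exactly one UID is mapped, that UID's HostID is returned even if its ContainerID is not 0.` UID and GID are also decided independently, so a container with a single-UID map and a larger GID map takes the new path in only one of the two functions; a short comment on whether that is intended would help. Both function bodies continue past the end of their hunks, so the fallback when no mapping matches is not visible here.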