containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Setup HOME environment when using --userns=keep-id 

Currently the HOME environment is set to /root if
the user does not override it.

Also walk the parent directories of users homedir
to see if it is volume mounted into the container,
if yes, then set it correctly.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh 2020-10-13 17:43:26 -04:00
parent d1ba9ce555
commit 6ca8067956
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
2 changed files with 39 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
libpod/container_internal_linux.go
View File

@ -1717,11 +1717,35 @@ func (c *Container) generateCurrentUserPasswdEntry() (string, int, int, error) {
// If the user's actual home directory exists, or was mounted in - use // If the user's actual home directory exists, or was mounted in - use
// that. // that.
homeDir := c.WorkingDir() homeDir := c.WorkingDir()
if MountExists(c.config.Spec.Mounts, u.HomeDir) { hDir := u.HomeDir
homeDir = u.HomeDir for hDir != "/" {
if MountExists(c.config.Spec.Mounts, hDir) {
homeDir = u.HomeDir
break
}
hDir = filepath.Dir(hDir)
}
if homeDir != u.HomeDir {
for _, hDir := range c.UserVolumes() {
if hDir == u.HomeDir {
homeDir = u.HomeDir
break
}
}
}
// Set HOME environment if not already set
hasHomeSet := false
for _, s := range c.config.Spec.Process.Env {
if strings.HasPrefix(s, "HOME=") {
hasHomeSet = true
break
}
}
if !hasHomeSet {
c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir))
} }
return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Username, homeDir), uid, rootless.GetRootlessGID(), nil return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Name, homeDir), uid, rootless.GetRootlessGID(), nil
} }
// generateUserPasswdEntry generates an /etc/passwd entry for the container user // generateUserPasswdEntry generates an /etc/passwd entry for the container user

12
test/e2e/toolbox_test.go
View File

@ -365,4 +365,16 @@ var _ = Describe("Toolbox-specific testing", func() {
Expect(session.ExitCode()).To(Equal(0)) Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring("READY")) Expect(session.OutputToString()).To(ContainSubstring("READY"))
}) })
It("podman run --userns=keep-id check $HOME", func() {
var session *PodmanSessionIntegration
currentUser, err := user.Current()
Expect(err).To(BeNil())
session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
})
}) })