podman pod create --uidmap patch

podmans remote API does not marshal infra's spec due to
the fact that if it did, all of those options would be available to
the users on the command line. This means we need to manually map "backwards"
some container spec items -> pod spec items before calling PodCreate, this was
one of them that was forgotten

resolves #14233

Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>

pkg/specgen/podspecgen.go

@@ -4,6 +4,7 @@ import (
 	"net"
 
 	"github.com/containers/common/libnetwork/types"
+	storageTypes "github.com/containers/storage/types"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -222,6 +223,10 @@ type PodResourceConfig struct {
 
 type PodSecurityConfig struct {
 	SecurityOpt []string `json:"security_opt,omitempty"`
+	// IDMappings are UID and GID mappings that will be used by user
+	// namespaces.
+	// Required if UserNS is private.
+	IDMappings *storageTypes.IDMappingOptions `json:"idmappings,omitempty"`
 }
 
 // NewPodSpecGenerator creates a new pod spec

test/system/170-run-userns.bats

@@ -38,10 +38,12 @@ function _require_crun() {
 
 @test "rootful pod with custom ID mapping" {
     skip_if_rootless "does not work rootless - rootful feature"
-    skip_if_remote "remote --uidmap is broken (see #14233)"
     random_pod_name=$(random_string 30)
     run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name
     run_podman pod start $random_pod_name
+    run_podman pod inspect --format '{{.InfraContainerID}}' $random_pod_name
+    run podman inspect --format '{{.HostConfig.IDMappings.UIDMap}}' $output
+    is "$output" ".*0:200000:5000" "UID Map Successful"
 
     # Remove the pod and the pause image
     run_podman pod rm $random_pod_name