
libpod: allow userns=keep-id for root #17350

Merged

Conversation

giuseppe
Member

@giuseppe giuseppe commented Feb 3, 2023

copy the current mapping into a new user namespace, and run in a separate user namespace.

Closes: #17337

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

Does this PR introduce a user-facing change?

Now --userns=keep-id also works for root containers and it copies the current mapping into a new user namespace

@openshift-ci openshift-ci bot added release-note approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Feb 3, 2023
Collaborator

@flouthoc flouthoc left a comment


LGTM

@openshift-ci
Contributor

openshift-ci bot commented Feb 3, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: flouthoc, giuseppe


@Luap99
Member

Luap99 commented Feb 3, 2023

Is there an actual difference between running in a userns with the same mappings compared to just running in the host ns?

@giuseppe
Member Author

giuseppe commented Feb 3, 2023

Is there an actual difference between running in a userns with the same mappings compared to just running in the host ns?

only minor differences compared to using a mapping where the "real" root is not mapped.

There are a few places in the kernel that just check if it is running in the initial user namespace.

Member

@Luap99 Luap99 left a comment


/lgtm

I changed your release note because it said --userns=auto instead of keep-id, assuming that this was a typo.

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 3, 2023
@openshift-merge-robot openshift-merge-robot merged commit 3654a26 into containers:main Feb 3, 2023
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 12, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 12, 2023
Successfully merging this pull request may close these issues.

[Feature]: Ignore userns=keep-id in rootful mode, instead of erroring out