Skip to content

Commit

Permalink
volumes: add new option idmap
Browse files Browse the repository at this point in the history
pass down the "idmap" mount option to the OCI runtime.

Needs: containers/crun#780

Closes: containers#12154

[NO NEW TESTS NEEDED] there is no crun version yet that support the
new feature.

Test case (must run as root):

podman run --rm -v foo:/foo alpine touch /foo/bar

podman run --uidmap 0:1:1000 --rm -v foo:/foo:idmap alpine ls -l /foo
total 0
-rw-r--r--    1 root     root             0 Nov 15 14:01 bar

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  • Loading branch information
giuseppe committed Nov 18, 2021
1 parent 9b96494 commit e83d366
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 6 deletions.
10 changes: 7 additions & 3 deletions docs/source/markdown/podman-create.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -606,7 +606,9 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and

· ro, readonly: true or false (default).

. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.

· idmap: true or false (default). If specified, create an idmapped mount to the target user namespace in the container.

Options specific to image:

Expand All @@ -622,7 +624,9 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and

. relabel: shared, private.

. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
· idmap: true or false (default). If specified, create an idmapped mount to the target user namespace in the container.

. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.

Options specific to tmpfs:

Expand All @@ -636,7 +640,7 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and

· notmpcopyup: Disable copying files from the image to the tmpfs.

. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.

Options specific to devpts:

Expand Down
10 changes: 7 additions & 3 deletions docs/source/markdown/podman-run.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -633,7 +633,9 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and

· ro, readonly: true or false (default).

. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.

· idmap: true or false (default). If specified, create an idmapped mount to the target user namespace in the container.

Options specific to image:

Expand All @@ -649,7 +651,9 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and

. relabel: shared, private.

. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
· idmap: true or false (default). If specified, create an idmapped mount to the target user namespace in the container.

. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.

Options specific to tmpfs:

Expand All @@ -663,7 +667,7 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and

· notmpcopyup: Disable copying files from the image to the tmpfs.

. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
. U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.

Options specific to devpts:

Expand Down
2 changes: 2 additions & 0 deletions pkg/specgenutil/volumes.go
Original file line number Diff line number Diff line change
Expand Up @@ -355,6 +355,8 @@ func getBindMount(args []string) (spec.Mount, error) {
newMount.Options = append(newMount.Options, "U")
}
setOwnership = true
case "idmap":
newMount.Options = append(newMount.Options, "idmap")
case "consistency":
// Often used on MACs and mistakenly on Linux platforms.
// Since Docker ignores this option so shall we.
Expand Down
1 change: 1 addition & 0 deletions pkg/util/mountOpts.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string
// Some options have parameters - size, mode
splitOpt := strings.SplitN(opt, "=", 2)
switch splitOpt[0] {
case "idmap":
case "O":
if len(options) > 1 {
return nil, errors.Wrapf(ErrDupeMntOption, "'O' option can not be used with other options")
Expand Down

0 comments on commit e83d366

Please sign in to comment.