Merge pull request #24306 from Luap99/quadlet-root-test
quadlet: do not reject RemapUsers=keep-id as root
openshift-merge-bot[bot] authored Oct 17, 2024
2 parents 993ecd5 + 9c6b1e2 commit 740f1d1
Showing 2 changed files with 12 additions and 11 deletions.
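--- a/pkg/systemd/quadlet/quadlet.go
+++ b/pkg/systemd/quadlet/quadlet.go
@@ -782,7 +782,7 @@ func ConvertContainer(container *parser.UnitFile, isUser bool, unitsInfoMap map[
 return nil, err
 }
 
-if err := handleUserMappings(container, ContainerGroup, podman, isUser, true); err != nil {
+if err := handleUserMappings(container, ContainerGroup, podman, true); err != nil {
 return nil, err
 }
 
@@ -1224,7 +1224,7 @@ func ConvertKube(kube *parser.UnitFile, unitsInfoMap map[string]*UnitInfo, isUse
 handleLogDriver(kube, KubeGroup, execStart)
 handleLogOpt(kube, KubeGroup, execStart)
 
-if err := handleUserMappings(kube, KubeGroup, execStart, isUser, false); err != nil {
+if err := handleUserMappings(kube, KubeGroup, execStart, false); err != nil {
 return nil, err
 }
 
@@ -1613,7 +1613,7 @@ func ConvertPod(podUnit *parser.UnitFile, name string, unitsInfoMap map[string]*
 "--replace",
 )
 
-if err := handleUserMappings(podUnit, PodGroup, execStartPre, isUser, true); err != nil {
+if err := handleUserMappings(podUnit, PodGroup, execStartPre, true); err != nil {
 return nil, err
 }
 
@@ -1684,7 +1684,7 @@ func handleUser(unitFile *parser.UnitFile, groupName string, podman *PodmanCmdli
 return nil
 }
 
-func handleUserMappings(unitFile *parser.UnitFile, groupName string, podman *PodmanCmdline, isUser, supportManual bool) error {
+func handleUserMappings(unitFile *parser.UnitFile, groupName string, podman *PodmanCmdline, supportManual bool) error {
 mappingsDefined := false
 
 if userns, ok := unitFile.Lookup(groupName, KeyUserNS); ok && len(userns) > 0 {
@@ -1724,10 +1724,10 @@ func handleUserMappings(unitFile *parser.UnitFile, groupName string, podman *Pod
 return nil
 }
 
-return handleUserRemap(unitFile, groupName, podman, isUser, supportManual)
+return handleUserRemap(unitFile, groupName, podman, supportManual)
 }
 
-func handleUserRemap(unitFile *parser.UnitFile, groupName string, podman *PodmanCmdline, isUser, supportManual bool) error {
+func handleUserRemap(unitFile *parser.UnitFile, groupName string, podman *PodmanCmdline, supportManual bool) error {
 uidMaps := unitFile.LookupAllStrv(groupName, KeyRemapUid)
 gidMaps := unitFile.LookupAllStrv(groupName, KeyRemapGid)
 remapUsers, _ := unitFile.LookupLast(groupName, KeyRemapUsers)
@@ -1765,10 +1765,6 @@ func handleUserRemap(unitFile *parser.UnitFile, groupName string, podman *Podman
 
 podman.add("--userns", usernsOpts("auto", autoOpts))
 case "keep-id":
-if !isUser {
-return fmt.Errorf("RemapUsers=keep-id is unsupported for system units")
-}
-
 keepidOpts := make([]string, 0)
 if len(uidMaps) > 0 {
 if len(uidMaps) > 1 {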
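Review bot: After the `!isUser` guard is dropped from the `case "keep-id":` branch of handleUserRemap, nothing at that spot says system units are accepted on purpose, so the missing check can read as an oversight. I would add a comment above `keepidOpts`, e.g. `// keep-id is accepted for system (root) units as well; podman decides at start time whether the mapping is valid.` The practical effect is that a root-owned unit with `RemapUsers=keep-id` is no longer stopped at generation time and presumably reaches podman as a `--userns` option, like the `auto` branch above, so any refusal now surfaces only when the unit starts; if the unit documentation still describes keep-id as rootless-only (not visible here) it should be updated with this change. The branch continues past the end of the hunk.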
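--- a/test/e2e/quadlet_test.go
+++ b/test/e2e/quadlet_test.go
@@ -660,7 +660,12 @@ var _ = Describe("quadlet system generator", func() {
 }
 
 // Run quadlet to convert the file
-session := podmanTest.Quadlet([]string{"--user", "--no-kmsg-log", generatedDir}, quadletDir)
+var args []string
+if isRootless() {
+args = append(args, "--user")
+}
+args = append(args, "--no-kmsg-log", generatedDir)
+session := podmanTest.Quadlet(args, quadletDir)
 session.WaitWithDefaultTimeout()
 Expect(session).Should(Exit(exitCode))
 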
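Review bot: The comment `// Run quadlet to convert the file` no longer explains the invocation, since `--user` is now added only when `isRootless()` is true and the same unit files are therefore converted in system mode on rootful runs. A line such as `// Run as the system generator when the suite is rootful so root-only paths are exercised.` above `var args []string` would make that intent explicit. Test cases whose expected output differs between user and system mode would need assertions that hold in both; whether any exist is not visible in this hunk, which sits inside a closure that starts and ends outside it.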

1 comment on commit 740f1d1

@packit-as-a-service

podman-next COPR build failed. @containers/packit-build please check.
