[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 05/40] tests/docker: Specify --userns keep-id for Podman
|
From: |
Alex Bennée |
|
Subject: |
[PATCH v2 05/40] tests/docker: Specify --userns keep-id for Podman |
|
Date: |
Fri, 5 Jul 2024 09:40:12 +0100 |
From: Akihiko Odaki <akihiko.odaki@daynix.com>
Previously we are always specifying -u $(UID) to match the UID in the
container with one outside. This causes a problem with rootless Podman.
Rootless Podman remaps user IDs in the container to ones controllable
for the current user outside. The -u option instructs Podman to use
a specified UID in the container but does not affect the UID remapping.
Therefore, the UID in the container can be remapped to some other UID
outside the container. This can make the access to bind-mounted volumes
fail because the remapped UID mismatches with the owner of the
directories.
Replace -u $(UID) with --userns keep-id, which fixes the UID remapping.
This change is limited to Podman because Docker does not support
--userns keep-id.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20240626-podman-v1-1-f8c8daf2bb0a@daynix.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
tests/docker/Makefile.include | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 8df50a0ca0..708e3a72fb 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -207,7 +207,12 @@ docker-run: docker-qemu-src
$(call quiet-command, \
$(RUNC) run \
--rm \
- $(if $(NOUSER),,-u $(UID)) \
+ $(if $(NOUSER),, \
+ $(if $(filter docker,$(RUNC)), \
+ -u $(UID), \
+ --userns keep-id \
+ ) \
+ ) \
--security-opt seccomp=unconfined \
$(if $(DEBUG),-ti,) \
$(if $(NETWORK),$(if $(subst
$(NETWORK),,1),--net=$(NETWORK)),--net=none) \
--
2.39.2
- [PATCH v2 00/40] July maintainer updates (32bit, testing, plugins, gdbstub), Alex Bennée, 2024/07/05
- [PATCH v2 02/40] testing: restore some testing for i686, Alex Bennée, 2024/07/05
- [PATCH v2 03/40] tracepoints: move physmem trace points, Alex Bennée, 2024/07/05
- [PATCH v2 01/40] tests/lcitool: fix debian-i686-cross toolchain prefix, Alex Bennée, 2024/07/05
- [PATCH v2 04/40] hw/core: ensure kernel_end never gets used undefined, Alex Bennée, 2024/07/05
- [PATCH v2 07/40] tests/tcg: Adjust variable defintion from cc-option, Alex Bennée, 2024/07/05
- [PATCH v2 06/40] tests/tcg/minilib: Constify digits in print_num, Alex Bennée, 2024/07/05
- [PATCH v2 05/40] tests/docker: Specify --userns keep-id for Podman,
Alex Bennée <=
- [PATCH v2 10/40] tests/tcg/aarch64: Fix irg operand type, Alex Bennée, 2024/07/05
- [PATCH v2 08/40] tests/tcg/aarch64: Drop -fno-tree-loop-distribute-patterns, Alex Bennée, 2024/07/05
- [PATCH v2 15/40] tests/tcg/arm: Use -fno-integrated-as for test-arm-iwmmxt, Alex Bennée, 2024/07/05
- [PATCH v2 18/40] tests/tcg/arm: Use vmrs/vmsr instead of mcr/mrc, Alex Bennée, 2024/07/05
- [PATCH v2 09/40] tests/tcg/aarch64: Explicitly specify register width, Alex Bennée, 2024/07/05
- [PATCH v2 17/40] tests/tcg/arm: Use -march and -mfpu for fcvt, Alex Bennée, 2024/07/05
- [PATCH v2 20/40] gitlab: don't bother with KVM for TCI builds, Alex Bennée, 2024/07/05