From: Akihiko Odaki <akihiko.odaki@daynix.com>
To: "Alex Bennée" <alex.bennee@linaro.org>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Thomas Huth" <thuth@redhat.com>,
"Wainer dos Santos Moschetta" <wainersm@redhat.com>,
"Beraldo Leal" <bleal@redhat.com>
Cc: qemu-devel@nongnu.org, Akihiko Odaki <akihiko.odaki@daynix.com>
Subject: [PATCH] tests/docker: Specify --userns keep-id for Podman
Date: Wed, 26 Jun 2024 20:09:37 +0900 [thread overview]
Message-ID: <20240626-podman-v1-1-f8c8daf2bb0a@daynix.com> (raw)
Previously we are always specifying -u $(UID) to match the UID in the
container with one outside. This causes a problem with rootless Podman.
Rootless Podman remaps user IDs in the container to ones controllable
for the current user outside. The -u option instructs Podman to use
a specified UID in the container but does not affect the UID remapping.
Therefore, the UID in the container can be remapped to some other UID
outside the container. This can make the access to bind-mounted volumes
fail because the remapped UID mismatches with the owner of the
directories.
Replace -u $(UID) with --userns keep-id, which fixes the UID remapping.
This change is limited to Podman because Docker does not support
--userns keep-id.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
---
tests/docker/Makefile.include | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 8df50a0ca06f..708e3a72fb8a 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -207,7 +207,12 @@ docker-run: docker-qemu-src
$(call quiet-command, \
$(RUNC) run \
--rm \
- $(if $(NOUSER),,-u $(UID)) \
+ $(if $(NOUSER),, \
+ $(if $(filter docker,$(RUNC)), \
+ -u $(UID), \
+ --userns keep-id \
+ ) \
+ ) \
--security-opt seccomp=unconfined \
$(if $(DEBUG),-ti,) \
$(if $(NETWORK),$(if $(subst $(NETWORK),,1),--net=$(NETWORK)),--net=none) \
---
base-commit: 74abb45dac6979e7ff76172b7f0a24e869405184
change-id: 20240620-podman-99d55d3a610b
Best regards,
--
Akihiko Odaki <akihiko.odaki@daynix.com>
next reply other threads:[~2024-06-26 11:10 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-26 11:09 Akihiko Odaki [this message]
2024-06-26 16:16 ` [PATCH] tests/docker: Specify --userns keep-id for Podman Alex Bennée
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240626-podman-v1-1-f8c8daf2bb0a@daynix.com \
--to=akihiko.odaki@daynix.com \
--cc=alex.bennee@linaro.org \
--cc=bleal@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
--cc=wainersm@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).