qemu-devel.nongnu.org archive mirror
From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: "David Hildenbrand" <david@redhat.com>,
	"Beraldo Leal" <bleal@redhat.com>,
	"Eduardo Habkost" <eduardo@habkost.net>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	"Wainer dos Santos Moschetta" <wainersm@redhat.com>,
	qemu-arm@nongnu.org, "Peter Xu" <peterx@redhat.com>,
	"Mads Ynddal" <mads@ynddal.dk>,
	"Mahmoud Mandour" <ma.mandourr@gmail.com>,
	"Pierrick Bouvier" <pierrick.bouvier@linaro.org>,
	"Laurent Vivier" <laurent@vivier.eu>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@linaro.org>,
	"Alexandre Iooss" <erdnaxe@crans.org>,
	"Stefan Hajnoczi" <stefanha@redhat.com>,
	"Peter Maydell" <peter.maydell@linaro.org>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Thomas Huth" <thuth@redhat.com>,
	"Akihiko Odaki" <akihiko.odaki@daynix.com>
Subject: [PATCH 05/23] tests/docker: Specify --userns keep-id for Podman
Date: Fri, 28 Jun 2024 13:42:40 +0100
Message-ID: <20240628124258.832466-6-alex.bennee@linaro.org>
In-Reply-To: <20240628124258.832466-1-alex.bennee@linaro.org>

From: Akihiko Odaki <akihiko.odaki@daynix.com>

Previously we were always specifying -u $(UID) to match the UID in the
container with one outside. This causes a problem with rootless Podman.

Rootless Podman remaps user IDs in the container to ones controllable
for the current user outside. The -u option instructs Podman to use
a specified UID in the container but does not affect the UID remapping.
Therefore, the UID in the container can be remapped to some other UID
outside the container. This can make the access to bind-mounted volumes
fail because the remapped UID mismatches with the owner of the
directories.

Replace -u $(UID) with --userns keep-id, which fixes the UID remapping.
This change is limited to Podman because Docker does not support
--userns keep-id.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20240626-podman-v1-1-f8c8daf2bb0a@daynix.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 tests/docker/Makefile.include | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 8df50a0ca0..708e3a72fb 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -207,7 +207,12 @@ docker-run: docker-qemu-src
 	$(call quiet-command,						\
 		$(RUNC) run 						\
 			--rm						\
-			$(if $(NOUSER),,-u $(UID)) 			\
+			$(if $(NOUSER),,				\
+				$(if $(filter docker,$(RUNC)),		\
+					-u $(UID),			\
+					--userns keep-id		\
+				)					\
+			) 						\
 			--security-opt seccomp=unconfined		\
 			$(if $(DEBUG),-ti,)				\
 			$(if $(NETWORK),$(if $(subst $(NETWORK),,1),--net=$(NETWORK)),--net=none) \
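Review bot: the new test $(filter docker,$(RUNC)) keeps -u $(UID) only when RUNC is exactly the word "docker"; any other value, such as a full path to the docker binary, falls through to --userns keep-id, which the commit message says Docker does not support. Since the change is meant to be limited to Podman, consider inverting the test so that it matches podman (for instance $(findstring podman,$(RUNC))) and leaves -u $(UID) as the default branch. A short Makefile comment above the conditional saying why the two runtimes take different options would also help the next reader.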
-- 
2.39.2
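
The UID remapping described in the commit message, as an added example that is not part of the patch or of QEMU's code: it resolves a container UID to a host UID through entries in the uid_map format of user_namespaces(7). The maps are constructed samples showing the effective host-side result, assuming host UID 1000 and a subordinate UID range starting at 100000; they are not output captured from Podman.

```python
# Added illustration: resolve a container UID to a host UID using map
# entries in the /proc/<pid>/uid_map format described in user_namespaces(7):
# "<first ID inside> <first ID outside> <count>".
# All map values are constructed samples (host UID 1000, subuid base 100000).

def parse_uid_map(text):
    """Parse uid_map text into (inside_start, outside_start, count) tuples."""
    entries = []
    for line in text.strip().splitlines():
        inside, outside, count = (int(field) for field in line.split())
        entries.append((inside, outside, count))
    return entries

def to_host_uid(entries, container_uid):
    """Return the host UID for container_uid, or None if it is unmapped."""
    for inside, outside, count in entries:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return None

def can_own_bind_mount(entries, container_uid, dir_owner_uid):
    """True when the container UID resolves to the directory's host owner."""
    return to_host_uid(entries, container_uid) == dir_owner_uid

HOST_UID = 1000  # constructed: the user running rootless Podman

# Constructed default rootless mapping: container root is the host user,
# every other container UID comes from the subordinate range.
DEFAULT_MAP = parse_uid_map("""
0 1000 1
1 100000 65536
""")

# Constructed effective mapping with --userns keep-id: the host user's UID
# keeps the same number inside the container.
KEEP_ID_MAP = parse_uid_map("""
0 100000 1000
1000 1000 1
1001 101000 64536
""")

if __name__ == "__main__":
    for name, m in (("-u 1000 only", DEFAULT_MAP), ("keep-id", KEEP_ID_MAP)):
        print(name, "-> host UID", to_host_uid(m, HOST_UID),
              "owns bind mount:", can_own_bind_mount(m, HOST_UID, HOST_UID))
```

With -u alone, container UID 1000 lands in the subordinate range and no longer matches the owner of a source tree checked out by host UID 1000, which is the bind-mount failure the commit message describes.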


