From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Wainer dos Santos Moschetta" <wainersm@redhat.com>,
"Beraldo Leal" <bleal@redhat.com>,
"David Hildenbrand" <david@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Pierrick Bouvier" <pierrick.bouvier@linaro.org>,
"Alexandre Iooss" <erdnaxe@crans.org>,
"Thomas Huth" <thuth@redhat.com>,
"Mahmoud Mandour" <ma.mandourr@gmail.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
qemu-arm@nongnu.org, "Aleksandar Rikalo" <arikalo@gmail.com>,
"Mads Ynddal" <mads@ynddal.dk>,
"Yanan Wang" <wangyanan55@huawei.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Peter Xu" <peterx@redhat.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Paul Burton" <paulburton@kernel.org>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Laurent Vivier" <laurent@vivier.eu>,
"Akihiko Odaki" <akihiko.odaki@daynix.com>
Subject: [PATCH v2 05/40] tests/docker: Specify --userns keep-id for Podman
Date: Fri, 5 Jul 2024 09:40:12 +0100
Message-ID: <20240705084047.857176-6-alex.bennee@linaro.org>
In-Reply-To: <20240705084047.857176-1-alex.bennee@linaro.org>
From: Akihiko Odaki <akihiko.odaki@daynix.com>

Previously we were always specifying -u $(UID) to match the UID in the
container with one outside. This causes a problem with rootless Podman.

Rootless Podman remaps user IDs in the container to ones controllable
for the current user outside. The -u option instructs Podman to use
a specified UID in the container but does not affect the UID remapping.
Therefore, the UID in the container can be remapped to some other UID
outside the container. This can make the access to bind-mounted volumes
fail because the remapped UID mismatches with the owner of the
directories.

Replace -u $(UID) with --userns keep-id, which fixes the UID remapping.
This change is limited to Podman because Docker does not support
--userns keep-id.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20240626-podman-v1-1-f8c8daf2bb0a@daynix.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
tests/docker/Makefile.include | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 8df50a0ca0..708e3a72fb 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -207,7 +207,12 @@ docker-run: docker-qemu-src
$(call quiet-command, \
$(RUNC) run \
--rm \
- $(if $(NOUSER),,-u $(UID)) \
+ $(if $(NOUSER),, \
+ $(if $(filter docker,$(RUNC)), \
+ -u $(UID), \
+ --userns keep-id \
+ ) \
+ ) \
--security-opt seccomp=unconfined \
$(if $(DEBUG),-ti,) \
$(if $(NETWORK),$(if $(subst $(NETWORK),,1),--net=$(NETWORK)),--net=none) \
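Review bot: The `$(filter docker,$(RUNC))` test in the new nested `$(if ...)` makes `--userns keep-id` the fallback for every RUNC value that is not exactly the word `docker`, so a Docker binary given by path or under another name would receive an option the commit message says Docker does not support. Consider inverting the test so that `-u $(UID)` stays the default and only a RUNC recognised as Podman gets `--userns keep-id`. The commit message describes the failure for rootless Podman only, while this branch applies to any non-docker invocation; it would help to say whether rootful Podman was checked, and to add a short Makefile comment explaining why the two runtimes need different options.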
--
2.39.2