Add unshare to podman #2969
Add unshare to podman #2969
Conversation
|
Hi @weirdwiz. Thanks for your PR. I'm waiting for a containers or openshift member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
needs-ok-to-test
|
/ok-to-test |
openshift-ci-robot
added
ok-to-test
approved
|
Can one of the admins verify this patch?
|
|
Hi @weirdwiz, thanks for the contribution! I did not check the code yet but we also need to add a man page and bash completions for the new command. |
|
Need update commands.md |
|
Would be nice to have some tests too if possible |
cmd/podman/unshare.go
Outdated
There was a problem hiding this comment.
PODMAN does not have an ISOLATION type, I think this code can be dropped?
@giuseppe Do you agree?
|
I see I'll add the man pages, bash completions and update the commands.md Sure @rhatdan I'll make some tests. |
edsantiago
left a comment
edsantiago
left a comment
There was a problem hiding this comment.
A few usability notes.
Also: what is the expected/desired behavior when run as root? I get:
ERRO[0000] error reading allowed ID mappings: error reading subuid mappings for user "root" and subgid mappings for group "root": No subuid ranges found for user "root" in /etc/subuid
cmd/podman/unshare.go
Outdated
There was a problem hiding this comment.
Should be: "unshare [flags] [COMMAND [ARG...]]" to better indicate usage.
cmd/podman/unshare.go
Outdated
There was a problem hiding this comment.
Perhaps more helpful as "no command specified, and $SHELL undefined"
cmd/podman/unshare.go
Outdated
cmd/podman/unshare.go
Outdated
There was a problem hiding this comment.
why exit with a 1? And the return following?
There was a problem hiding this comment.
It exits with a 1 because ExecRunnable() exits with the exit status of the command, so if the control returns back to the function, it is definitely an error. The return nil is unnecessary I have now removed it.
cmd/podman/unshare.go
Outdated
There was a problem hiding this comment.
This function does not return anything and automatically exits depending on the exit code of the command run.
cmd/podman/unshare.go
Outdated
cmd/podman/unshare.go
Outdated
cmd/podman/unshare.go
Outdated
There was a problem hiding this comment.
does this need to be added to the remote client?
There was a problem hiding this comment.
Probably not - only makes sense on a local machine, it spawns a fresh terminal in the userns.
There was a problem hiding this comment.
ok, then the command should not go in main. it needs to be added to the commands.go instead so it only shows up for the local client.
|
we need to re-use the unshare implementation of Podman, where we join the existing namespace if it already exists. This should happen automatically if you just implement unshare to setup the shell or execute the specified command without caring of setting up the userns. |
cmd/podman/unshare.go
Outdated
cmd/podman/unshare.go
Outdated
There was a problem hiding this comment.
if you drop this line, would podman setup the namespace automatically?
There was a problem hiding this comment.
Yes, It sets up the namespace automatically, If I remove this line.
openshift-ci-robot
added
needs-rebase
openshift-ci-robot
added
size/XXL
weirdwiz
force-pushed
the
master
branch
2 times, most recently
from
cdc0035 to
006a2f7
Compare
|
The unshare-specific test seems to be failing, and I'd like a head nod from @giuseppe - but otherwise this seems good to go. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: edsantiago, vrothberg, weirdwiz The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Might push this to 1.4 so @giuseppe can give an ack |
|
☔ The latest upstream changes (presumably #3039) made this pull request unmergeable. Please resolve the merge conflicts. |
|
Rebased |
|
we should disable the tests when running as remote with @weirdwiz can you please take care of it? |
weirdwiz
force-pushed
the
master
branch
2 times, most recently
from
5565730 to
4833b00
Compare
|
@giuseppe I have added |
|
could you please rebase? |
This command lets the user run a command in a new user namespace like `unshare -u`. It uses the implementation of unshare in buildah. ( fixes containers#1388 ) Signed-off-by: Divyansh Kamboj <[email protected]>
|
tests are happy. LGTM |
|
Nice work, @weirdwiz! |
github-actions
bot
added
the
locked - please file new issue/PR
10 participants
This command lets the user run a command in a new user namespace like
unshare -u.It uses the implementation of unshare in buildah. ( fixes #1388 )