mirror of
https://github.com/containers/podman
synced 2024-10-21 01:34:37 +00:00
podman: honor env variable PODMAN_USERNS
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
parent
f09370c68b
commit
5eb321ac37
|
@ -517,7 +517,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
|
||||||
"Username or UID (format: <name|uid>[:<group|gid>])",
|
"Username or UID (format: <name|uid>[:<group|gid>])",
|
||||||
)
|
)
|
||||||
createFlags.String(
|
createFlags.String(
|
||||||
"userns", "",
|
"userns", os.Getenv("PODMAN_USERNS"),
|
||||||
"User namespace to use",
|
"User namespace to use",
|
||||||
)
|
)
|
||||||
createFlags.String(
|
createFlags.String(
|
||||||
|
|
|
@ -730,7 +730,7 @@ Without this argument the command will be run as root in the container.
|
||||||
**--userns**=keep-id
|
**--userns**=keep-id
|
||||||
**--userns**=ns:my_namespace
|
**--userns**=ns:my_namespace
|
||||||
|
|
||||||
Set the user namespace mode for the container. The use of userns is disabled by default.
|
Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value means user namespaces are disabled.
|
||||||
|
|
||||||
- `host`: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user.
|
- `host`: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user.
|
||||||
- `keep-id`: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
|
- `keep-id`: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
|
||||||
|
|
|
@ -766,7 +766,7 @@ Without this argument the command will be run as root in the container.
|
||||||
**--userns**=keep-id
|
**--userns**=keep-id
|
||||||
**--userns**=ns:my_namespace
|
**--userns**=ns:my_namespace
|
||||||
|
|
||||||
Set the user namespace mode for the container. The use of userns is disabled by default.
|
Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value means user namespaces are disabled.
|
||||||
|
|
||||||
- `host`: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user.
|
- `host`: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user.
|
||||||
- `keep-id`: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
|
- `keep-id`: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
|
||||||
|
|
Loading…
Reference in a new issue