Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proof-of-concept: set up necessary idmappings for userns_mode=auto in Container.create() #499

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

vmsh0
Copy link
Contributor

@vmsh0 vmsh0 commented Jan 12, 2025

This is a proof-of-concept commit to gather initial feedback.

This addresses the issue in #493, i.e., that passing userns='auto' to Container.create() results in the option being silently ignored.

Before this patch, podman-py used to set up the userns API parameter when the userns parameter was given to Container.create(). However, upon investigation, it seems like the Podman service silently ignores the passed userns if parameter idmappings is missing.

This patch addresses this behaviour by setting up idmappings with neutral values (i.e., the values resulting in the same behaviour as the Podman client when called with --userns=auto without more specific options), while specifically retaining any explicit values passed by the user using the undocumented argument idmappings.

I am looking for some feedback about this PR:

  • Is the general structure of the solution acceptable?
  • I do not see any other instances where a dict merge approach is used to set up default values. Is there perhaps a better place to put the merge_dicts() function? Or would it be better altogether to merge the relatively small structure manually and avoid adding that function altogether?
  • I see that, in general, integration testing is pretty minimal and doesn't cover very many of the possible use cases of podman-py. In your view, what would be a good collection of integration tests for this PR/feature? At a minimum, I will be contributing one integration test which checks that passing the userns='auto' results in a container with a private user namespace, with IDs not overlapping with the initial namespace, as that is my use case

… Container.create()

This is a proof-of-concept commit to gather initial feedback

Signed-off-by: Riccardo Paolo Bestetti <[email protected]>
Copy link
Contributor

openshift-ci bot commented Jan 12, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vmsh0
Once this PR has been reviewed and has the lgtm label, please assign mheon for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhatdan
Copy link
Member

rhatdan commented Jan 14, 2025

@giuseppe PTAL

@giuseppe
Copy link
Member

would you be interested to try to fix it in Podman? If you are not interested/familiar with the project or language, then it is fine to fix it here

@vmsh0
Copy link
Contributor Author

vmsh0 commented Jan 15, 2025

would you be interested to try to fix it in Podman? If you are not interested/familiar with the project or language, then it is fine to fix it here

I would be interested in attempting that :) I am not a Go programmer by trade, but I am probably familiar enough with it for this particular fix.

I have successfully built podman yesterday, now I'm trying to get the tests to run. Can I bother you (or someone else) if I can't get the tests to run? What is the preferred channel, GitHub or something more ephemeral (e.g., IRC)?

@inknos inknos self-requested a review January 15, 2025 14:47
Copy link
Contributor

@inknos inknos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vmsh0 maybe late to the party, but here are the comms channels :) https://github.com/containers/podman/blob/main/README.md#communications

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants