Merge pull request #27239 from Honny1/fix-mapping-ns

Fix --userns=ns:<path> conflicting with runc 1.1.11+
2026-02-05 06:45:31 +01:00 · 2025-10-07 19:21:01 +00:00
parent 2455ac327d 79ecc1d56b
commit 7fecff5c29
2 changed files with 27 additions and 3 deletions
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -503,9 +503,6 @@ func SetupUserNS(idmappings *storageTypes.IDMappingOptions, userns Namespace, g
 		if err := g.AddOrReplaceLinuxNamespace(string(spec.UserNamespace), userns.Value); err != nil {
 			return user, err
 		}
-		// runc complains if no mapping is specified, even if we join another ns.  So provide a dummy mapping
-		g.AddLinuxUIDMapping(uint32(0), uint32(0), uint32(1))
-		g.AddLinuxGIDMapping(uint32(0), uint32(0), uint32(1))
 	case Host:
 		if err := g.RemoveLinuxNamespace(string(spec.UserNamespace)); err != nil {
 			return user, err
--- a/test/system/170-run-userns.bats
+++ b/test/system/170-run-userns.bats
@@ -179,3 +179,30 @@ EOF
    # gid not mapped
    run_podman run --rm --uidmap 0:0:1000 --gidmap 0:1:1000 $IMAGE true
 }
+
+# bats test_tags=ci:parallel
+@test "podman --userns=ns:<path> join existing user namespace" {
+    # Test for issue #27148: --userns=ns:<path> should not add dummy mappings
+    local cname="userns_source_$(safename)"
+
+    run_podman run -d --name $cname \
+        --userns=keep-id \
+        $IMAGE top
+
+    run_podman inspect --format '{{.State.Pid}}' $cname
+    local pid=$output
+    local userns_path="/proc/$pid/ns/user"
+
+    run_podman exec $cname sh -c "readlink /proc/self/ns/user; echo '---'; cat /proc/self/uid_map"
+    local expected="$output"
+
+    run_podman run --rm \
+        --userns=ns:$userns_path \
+        $IMAGE \
+        sh -c "readlink /proc/self/ns/user; echo '---'; cat /proc/self/uid_map"
+    local output="$output"
+
+    assert "$expected" == "$output" "User namespace identifiers and UID mappings should match"
+
+    run_podman rm -f $cname
+}