From patchwork Fri Jul 5 15:30:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Alex_Benn=C3=A9e?= X-Patchwork-Id: 810395 Delivered-To: patch@linaro.org Received: by 2002:ab3:6bc5:0:b0:273:6c53:9181 with SMTP id v5csp523625ltk; Fri, 5 Jul 2024 08:31:54 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVCe7HXhJvSbLAL/3Qafy/Uy3H6Wf26dRMCLFM+Upohmd91lYYOCMqn5tpZawqGRW4wJlBP79WWZCjw3yusP2Xb X-Google-Smtp-Source: AGHT+IFYX7ScjQ0ORD2F3eQDrhnkLCOxM2WQz1JKQ1+V/rZSxLLIM0OChPgorwMdHLYtkS/ies/Q X-Received: by 2002:a05:620a:361e:b0:79d:61da:ba3e with SMTP id af79cd13be357-79eee1cd3e6mr517168985a.21.1720193514465; Fri, 05 Jul 2024 08:31:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1720193514; cv=none; d=google.com; s=arc-20160816; b=yU1CLAmW45xGB6GpkdJgqTAUDe0eh9peVx5JCvMr/wv0xoH/uib1wWpdNvlLWvBnCZ 4K5DAceCbunG8v3i+f/IkDWdXtDDuKfjF20ed0N3K7i+9HkAnbMY2aihnGVLr514vrkl iTMDZxHtKP8GSzSyU+/i5c1YzpNqcynGlWl/nAoSXwTFZgCwbucyvDvwoOKa9HoTBIs0 TxsdWFeabaFWM2ljyplU41xwfCdyi0PyI4VxlrfFzrhZVvzouJsw4mKgbdbXo1TEkC+a +m86wpE+wWX2+K8gt8ipJ6XM/SYWlrPzJSa3zQAasRMsl+R/j40K6gOPTftAA74L/5bl B+nA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=yb3iq8Uefi2wrk4lmxR12EyJjPJCI4ULXKQi9nDSkSE=; fh=QVK3h56o43PrXvQbcYeSm4+VzCeC92txQhQBQURGmxg=; b=TOxNBRQXJlZfrwlXU2DRS20KMS25FVe1YKHQOdKTDOFBd13Qo+05iB7D7Oxj35QeAv JgrQtLMS0Rs1+6yw4kmuBkp4hVRb2Q8vPaqWXPEwL+SAnkeXlm+kGNAPDTtsz4+ANXKb Zrdm55Ila+9+QywnyIx8WDP3l93+qc1yzkxDyTcg82gQz2MJiRJ5YDE91eQmjsjHFNLI OBfwvqIX3rXCwIgk07qyfY+zUpKz236vxP8zHXetfK1kCwOYdqAIfePPhVKInNLVXur1 fU5iflX+ftbCJ37D2n8WH6obZP537iX+2lgPsMHW0c/FIO8BDLjrmVwpT+ux3Hgr4MMP o9Ew==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=OQqyg1is; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id af79cd13be357-79d772a6e99si1629403485a.378.2024.07.05.08.31.54 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 05 Jul 2024 08:31:54 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=OQqyg1is; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sPktu-0005cq-Oa; Fri, 05 Jul 2024 11:31:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sPkts-0005bq-73 for qemu-devel@nongnu.org; Fri, 05 Jul 2024 11:31:04 -0400 Received: from mail-lf1-x135.google.com ([2a00:1450:4864:20::135]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sPktp-0000Ju-Sv for qemu-devel@nongnu.org; Fri, 05 Jul 2024 11:31:03 -0400 Received: by mail-lf1-x135.google.com with SMTP id 2adb3069b0e04-52ea2ce7abaso1860650e87.0 for ; Fri, 05 Jul 2024 08:31:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1720193458; x=1720798258; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=yb3iq8Uefi2wrk4lmxR12EyJjPJCI4ULXKQi9nDSkSE=; b=OQqyg1isdbClJoHoIs0oT5BZ+oNSIqP0HKXjRvYB3u5eHOQHxFlh9YltDwC9bHtLsd RjZfknKoP46HW1C53AWtM8fSHJrheCqL2BnJeuXAWEK3KYoUaXD5XVIOHf+KQdh24ir3 kYN+WBdwlbALdrVTL29I2KTwWotQl4ppKeKCmbCYhhFUjOjBH1SiqoEyYNgO5EX/Ca+B evCvOqkwSabnYqmdY93F+rOsmO+ibWTFS0SB+CoqM6V/OowrardRjwfRMl7pwcNj+WAo bQpnD8BV7VKCYmDEzdWroL0wu5E0Pp2r/qvk7SAGume+7H5zK8v6GMmCmnE3J7/+E9rj ilrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720193458; x=1720798258; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yb3iq8Uefi2wrk4lmxR12EyJjPJCI4ULXKQi9nDSkSE=; b=HikECl/UDx2qa7yLrl4ld/t/PDWPddDF/zeHoSG0LguRh3R5/RAb/E8aJIWjF9vDly CcOhxZBiDFOdGWEuJnFnikVcXmR5XcmHkoVQw0dRr766WxWN+ZxWslrUCq7em1Fgg/wT SiqSjyVUYT3iYvFCGTFfsmKfS2O7OVTd6qDmFnpcpFECnGYJQ84KQ4RiK4S9F04pHHJF PnrNN879EfiP/W0at/pGqlb8Lkru8vNRyOP9mpqPH2xnHlvpf6OCitPmmMXmBoE/NknO FqmfVft/CbMNnr5sMQ9P/RLyJvUxtyHJEi/W2pu0iA7QdpW6pERk1+zqTrdZ86Eqiv0Y 2dFg== X-Gm-Message-State: AOJu0YzTG/CMaB2mq7BCUurDjQEYG7GYj4hK7WiE1gDGa3v6L4vzWqkZ yVHZpIUREyvXFQ3EZ3fg6DHbPSHyJMOCbTVYbNNuQppV/sl/3xbfVKtRUVUPXIg= X-Received: by 2002:ac2:4115:0:b0:52c:f3fa:86c with SMTP id 2adb3069b0e04-52ea0629bc7mr3994185e87.18.1720193457678; Fri, 05 Jul 2024 08:30:57 -0700 (PDT) Received: from draig.lan ([85.9.250.243]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-58e9e68e110sm1929049a12.91.2024.07.05.08.30.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jul 2024 08:30:55 -0700 (PDT) Received: from draig.lan (localhost [IPv6:::1]) by draig.lan (Postfix) with ESMTP id 7AA925F935; Fri, 5 Jul 2024 16:30:53 +0100 (BST) From: =?utf-8?q?Alex_Benn=C3=A9e?= To: qemu-devel@nongnu.org Cc: Akihiko Odaki , =?utf-8?q?Alex_Benn=C3=A9e?= , =?utf-8?q?Philippe_M?= =?utf-8?q?athieu-Daud=C3=A9?= , Thomas Huth , Wainer dos Santos Moschetta , Beraldo Leal Subject: [PULL 05/40] tests/docker: Specify --userns keep-id for Podman Date: Fri, 5 Jul 2024 16:30:17 +0100 Message-Id: <20240705153052.1219696-6-alex.bennee@linaro.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240705153052.1219696-1-alex.bennee@linaro.org> References: <20240705153052.1219696-1-alex.bennee@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::135; envelope-from=alex.bennee@linaro.org; helo=mail-lf1-x135.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Akihiko Odaki Previously we are always specifying -u $(UID) to match the UID in the container with one outside. This causes a problem with rootless Podman. Rootless Podman remaps user IDs in the container to ones controllable for the current user outside. The -u option instructs Podman to use a specified UID in the container but does not affect the UID remapping. Therefore, the UID in the container can be remapped to some other UID outside the container. This can make the access to bind-mounted volumes fail because the remapped UID mismatches with the owner of the directories. Replace -u $(UID) with --userns keep-id, which fixes the UID remapping. This change is limited to Podman because Docker does not support --userns keep-id. Signed-off-by: Akihiko Odaki Message-Id: <20240626-podman-v1-1-f8c8daf2bb0a@daynix.com> Signed-off-by: Alex Bennée Message-Id: <20240705084047.857176-6-alex.bennee@linaro.org> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include index 8df50a0ca0..708e3a72fb 100644 --- a/tests/docker/Makefile.include +++ b/tests/docker/Makefile.include @@ -207,7 +207,12 @@ docker-run: docker-qemu-src $(call quiet-command, \ $(RUNC) run \ --rm \ - $(if $(NOUSER),,-u $(UID)) \ + $(if $(NOUSER),, \ + $(if $(filter docker,$(RUNC)), \ + -u $(UID), \ + --userns keep-id \ + ) \ + ) \ --security-opt seccomp=unconfined \ $(if $(DEBUG),-ti,) \ $(if $(NETWORK),$(if $(subst $(NETWORK),,1),--net=$(NETWORK)),--net=none) \