Skip to content

[release-1.57] idmap: force PRIVATE propagation #2272

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 6, 2025
Merged

[release-1.57] idmap: force PRIVATE propagation #2272

merged 1 commit into from
Mar 6, 2025

Conversation

openshift-cherrypick-robot
Copy link

This is an automated cherry-pick of #2269

/assign giuseppe

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Mar 6, 2025
Merged
@giuseppe
Copy link
Member

giuseppe commented Mar 6, 2025

linter fixed in #2274

@giuseppe
idmap: force PRIVATE propagation
22b679b 
do not leak idmapped mounts to other namespaces, since they are meant
to be used privately by overlay.

This is already done with the default configuration, since we have a
private mount on top of the graphdriver directory, but it is not the
case when `skip_home_mount` is used.

Closes: https://issues.redhat.com/browse/OCPBUGS-49927

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe giuseppe force-pushed the cherry-pick-2269-to-release-1.57 branch from 0949859 to 22b679b Compare March 6, 2025 13:35
@haircommander
Copy link
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Mar 6, 2025
@TomSweeneyRedHat
Copy link
Member

/hold
Putting a short term hold on this. We don't have an associated jira card to do a backport with. Getting one now.

@TomSweeneyRedHat
Copy link
Member

Fixes: https://issues.redhat.com/browse/RHEL-82511, https://issues.redhat.com/browse/RHEL-82509

@TomSweeneyRedHat
Copy link
Member

LGTM
/hold cancel

@TomSweeneyRedHat
Copy link
Member

/lgtm

@TomSweeneyRedHat
Copy link
Member

/approve

1 similar comment
@nalind
Copy link
Member

nalind commented Mar 6, 2025

/approve

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Mar 6, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nalind, openshift-cherrypick-robot, TomSweeneyRedHat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Mar 6, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit e0f1f0c into containers:release-1.57 Mar 6, 2025
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@giuseppe giuseppe

@haircommander haircommander

@TomSweeneyRedHat TomSweeneyRedHat

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@openshift-cherrypick-robot @giuseppe @haircommander @TomSweeneyRedHat @nalind