Skip to content

[release-1.29] server: support ping_group_range if in a userns #8185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 15, 2024
Merged

[release-1.29] server: support ping_group_range if in a userns #8185

merged 1 commit into from
May 15, 2024

Conversation

@openshift-cherrypick-robot
Copy link

This is an automated cherry-pick of #8174

/assign haircommander

fix a bug where a pod with a userns would fail to be created when `ping_group_range` sysctl was specified for it (and the max of that range was outside of the pods user namespace)

@haircommander
server: support ping_group_range if in a userns
14c40d8 
ping_group_range sysctl requires the upper bound be within the range of IDs
the user has access to. ping_group_range is often set to the max allowable range
"0 2147483647", but this will break for every usernamespace pod.

Instead, hack around it by updating the max GID to be the largest one we find
in the IDMappings

Signed-off-by: Peter Hunt <[email protected]>
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request May 15, 2024
Merged
@openshift-ci openshift-ci bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels May 15, 2024
@openshift-ci openshift-ci bot requested review from klihub and sohankunkerkar May 15, 2024 17:08
@haircommander
Copy link
Member

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 15, 2024
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 15, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: haircommander, openshift-cherrypick-robot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 15, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 42de02f into cri-o:release-1.29 May 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@klihub klihub Awaiting requested review from klihub

@sohankunkerkar sohankunkerkar Awaiting requested review from sohankunkerkar

Assignees

@haircommander haircommander

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@openshift-cherrypick-robot @haircommander