<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />
<meta content="2.5.0" name="antsibull-docs" />
<title>containers.podman.podman_unshare become – Run tasks using podman unshare — Python documentation</title>
<link rel="stylesheet" type="text/css" href="_static/pygments.css" />
<link rel="stylesheet" type="text/css" href="_static/alabaster.css" />
<link rel="stylesheet" type="text/css" href="_static/antsibull-minimal.css" />
<script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
<script src="_static/doctools.js"></script>
<script src="_static/sphinx_highlight.js"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="containers.podman.buildah connection – Interact with an existing buildah container" href="buildah_connection.html" />
<link rel="prev" title="containers.podman.podman_volume_info module – Gather info about podman volumes" href="podman_volume_info_module.html" />
<link rel="stylesheet" href="_static/custom.css" type="text/css" />
<meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
</head><body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<span class="target" id="ansible-collections-containers-podman-podman-unshare-become"></span><section id="containers-podman-podman-unshare-become-run-tasks-using-podman-unshare">
<h1>containers.podman.podman_unshare become – Run tasks using podman unshare<a class="headerlink" href="#containers-podman-podman-unshare-become-run-tasks-using-podman-unshare" title="Permalink to this heading">¶</a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This become plugin is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/containers/podman/">containers.podman collection</a> (version 1.16.2).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">containers.podman</span></code>.</p>
<p>To use it in a playbook, specify: <code class="code docutils literal notranslate"><span class="pre">containers.podman.podman_unshare</span></code>.</p>
</div>
<p class="ansible-version-added">New in containers.podman 1.9.0</p>
<nav class="contents local" id="contents">
<ul class="simple">
<li><p><a class="reference internal" href="#synopsis" id="id1">Synopsis</a></p></li>
<li><p><a class="reference internal" href="#parameters" id="id2">Parameters</a></p></li>
<li><p><a class="reference internal" href="#examples" id="id3">Examples</a></p></li>
</ul>
</nav>
<section id="synopsis">
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Permalink to this heading">¶</a></h2>
<ul class="simple">
<li><p>This become plugin allows your remote/login user to execute commands in its container user namespace. Official documentation: <a class="reference external" href="https://docs.podman.io/en/latest/markdown/podman-unshare.1.html">https://docs.podman.io/en/latest/markdown/podman-unshare.1.html</a></p></li>
</ul>
</section>
<section id="parameters">
<h2><a class="toc-backref" href="#id2" role="doc-backlink">Parameters</a><a class="headerlink" href="#parameters" title="Permalink to this heading">¶</a></h2>
<table class="longtable ansible-option-table docutils align-default" style="width: 100%">
<thead>
<tr class="row-odd"><th class="head"><p>Parameter</p></th>
<th class="head"><p>Comments</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-become_exe"></div><p class="ansible-option-title" id="ansible-collections-containers-podman-podman-unshare-become-parameter-become-exe"><strong>become_exe</strong></p>
<a class="ansibleOptionLink" href="#parameter-become_exe" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Sudo executable</p>
<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">"sudo"</span></code></p>
<p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
<ul>
<li><p>INI entries:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">privilege_escalation</span><span class="p">]</span>
<span class="n">become_exe</span> <span class="o">=</span> <span class="n">sudo</span>
</pre></div>
</div>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">sudo_become_plugin</span><span class="p">]</span>
<span class="n">executable</span> <span class="o">=</span> <span class="n">sudo</span>
</pre></div>
</div>
</li>
<li><p>Environment variable: <span class="target" id="index-0"></span><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_BECOME_EXE</span></code></p></li>
<li><p>Environment variable: <span class="target" id="index-1"></span><a class="reference internal" href="environment_variables.html#envvar-ANSIBLE_SUDO_EXE"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_SUDO_EXE</span></code></a></p></li>
<li><p>Variable: ansible_become_exe</p></li>
<li><p>Variable: ansible_sudo_exe</p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-become_pass"></div><p class="ansible-option-title" id="ansible-collections-containers-podman-podman-unshare-become-parameter-become-pass"><strong>become_pass</strong></p>
<a class="ansibleOptionLink" href="#parameter-become_pass" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Password to pass to sudo</p>
<p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
<ul>
<li><p>INI entry:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">sudo_become_plugin</span><span class="p">]</span>
<span class="n">password</span> <span class="o">=</span> <span class="n">VALUE</span>
</pre></div>
</div>
</li>
<li><p>Environment variable: <span class="target" id="index-2"></span><a class="reference internal" href="environment_variables.html#envvar-ANSIBLE_BECOME_PASS"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_BECOME_PASS</span></code></a></p></li>
<li><p>Environment variable: <span class="target" id="index-3"></span><a class="reference internal" href="environment_variables.html#envvar-ANSIBLE_SUDO_PASS"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_SUDO_PASS</span></code></a></p></li>
<li><p>Variable: ansible_become_password</p></li>
<li><p>Variable: ansible_become_pass</p></li>
<li><p>Variable: ansible_sudo_pass</p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-become_user"></div><p class="ansible-option-title" id="ansible-collections-containers-podman-podman-unshare-become-parameter-become-user"><strong>become_user</strong></p>
<a class="ansibleOptionLink" href="#parameter-become_user" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>User you ‘become’ to execute the task (‘root’ is not a valid value here).</p>
<p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
<ul>
<li><p>INI entries:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">privilege_escalation</span><span class="p">]</span>
<span class="n">become_user</span> <span class="o">=</span> <span class="n">VALUE</span>
</pre></div>
</div>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">sudo_become_plugin</span><span class="p">]</span>
<span class="n">user</span> <span class="o">=</span> <span class="n">VALUE</span>
</pre></div>
</div>
</li>
<li><p>Environment variable: <span class="target" id="index-4"></span><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_BECOME_USER</span></code></p></li>
<li><p>Environment variable: <span class="target" id="index-5"></span><a class="reference internal" href="environment_variables.html#envvar-ANSIBLE_SUDO_USER"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_SUDO_USER</span></code></a></p></li>
<li><p>Variable: ansible_become_user</p></li>
<li><p>Variable: ansible_sudo_user</p></li>
</ul>
</div></td>
</tr>
</tbody>
</table>
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id3" role="doc-backlink">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading">¶</a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">checking uid of file 'foo'</span>
<span class="w"> </span><span class="nt">ansible.builtin.stat</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">/foo"</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo.stat.uid</span>
<span class="c1"># The output shows that it's owned by the login user</span>
<span class="c1"># ok: [test_host] => {</span>
<span class="c1"># "foo.stat.uid": "1003"</span>
<span class="c1"># }</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mounting the file to an unprivileged container and modifying its owner</span>
<span class="w"> </span><span class="nt">containers.podman.podman_container</span><span class="p">:</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">chmod_foo</span>
<span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alpine</span>
<span class="w"> </span><span class="nt">rm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">volume</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">:/opt/test:z"</span>
<span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">chown 1000 /opt/test/foo</span>
<span class="c1"># Now the file 'foo' is owned by the container uid 1000,</span>
<span class="c1"># which is mapped to something completely different on the host.</span>
<span class="c1"># It creates a situation where the file is inaccessible to the host user (uid 1003)</span>
<span class="c1"># Running stat again, debug output will be like this:</span>
<span class="c1"># ok: [test_host] => {</span>
<span class="c1"># "foo.stat.uid": "328679"</span>
<span class="c1"># }</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">running stat in modified user namespace</span>
<span class="w"> </span><span class="nt">become_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">containers.podman.podman_unshare</span>
<span class="w"> </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">ansible.builtin.stat</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">/foo"</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span>
<span class="c1"># By gathering file stats with podman_unshare</span>
<span class="c1"># we can see the uid set in the container:</span>
<span class="c1"># ok: [test_host] => {</span>
<span class="c1"># "foo.stat.uid": "1000"</span>
<span class="c1"># }</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">resetting file ownership with podman unshare</span>
<span class="w"> </span><span class="nt">become_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">containers.podman.podman_unshare</span>
<span class="w"> </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">ansible.builtin.file</span><span class="p">:</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">file</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">/foo"</span>
<span class="w"> </span><span class="nt">owner</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">0</span><span class="w"> </span><span class="c1"># in a modified user namespace host uid is mapped to 0</span>
<span class="c1"># If we run stat and debug with 'become: false',</span>
<span class="c1"># we can see that the file is ours again:</span>
<span class="c1"># ok: [test_host] => {</span>
<span class="c1"># "foo.stat.uid": "1003"</span>
<span class="c1"># }</span>
</pre></div>
</div>
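<p>The uid arithmetic behind the playbook above, as an added example that is not part of the collection's own code. It parses a map in the kernel's <code>/proc/&lt;pid&gt;/uid_map</code> format and translates uids in both directions. The sample map is constructed to reproduce the page's numbers (login uid 1003, subordinate range starting at 327680) and assumes the default rootless mapping, where the container and <code>podman unshare</code> share the same user namespace layout.</p>

```python
"""Translate uids across a rootless Podman user namespace (added example)."""

# Constructed sample in /proc/<pid>/uid_map format: "<inside> <outside> <count>".
# Assumed values chosen to reproduce the page's numbers: login uid 1003 and a
# subordinate uid range starting at 327680 (an /etc/subuid-style allocation).
SAMPLE_UID_MAP = """\
         0       1003          1
         1     327680      65536
"""

OVERFLOW_UID = 65534  # kernel default reported for ids that have no mapping


def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, count) extents."""
    extents = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0 or inside < 0 or outside < 0:
            raise ValueError(f"line {lineno}: invalid extent")
        extents.append((inside, outside, count))
    return extents


def to_host(extents, ns_uid):
    """Map a uid used inside the namespace to the host uid, or None if unmapped."""
    for inside, outside, count in extents:
        if inside <= ns_uid < inside + count:
            return outside + (ns_uid - inside)
    return None


def to_namespace(extents, host_uid):
    """Map a host uid to the uid seen inside the namespace.

    Host uids outside every extent show up as the overflow uid.
    """
    for inside, outside, count in extents:
        if outside <= host_uid < outside + count:
            return inside + (host_uid - outside)
    return OVERFLOW_UID


def walk_page_example(extents):
    """Replay the ownership changes from the playbook on this page."""
    return {
        # 'chown 1000' in the container: what a plain stat reports on the host
        "host_uid_after_container_chown": to_host(extents, 1000),
        # stat under podman_unshare: namespace view of that host uid
        "uid_seen_with_unshare": to_namespace(extents, 328679),
        # 'owner: 0' under podman_unshare: host owner after the reset
        "host_uid_after_owner_0": to_host(extents, 0),
    }


if __name__ == "__main__":
    for key, value in walk_page_example(parse_uid_map(SAMPLE_UID_MAP)).items():
        print(f"{key}: {value}")
```

<p>On a real host, the same functions can be fed the output of <code>podman unshare cat /proc/self/uid_map</code> to predict which host uid a container-side <code>chown</code> will produce.</p>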
<section id="authors">
<h3>Authors<a class="headerlink" href="#authors" title="Permalink to this heading">¶</a></h3>
<ul class="simple">
<li><p>Janos Gerzson (@grzs)</p></li>
</ul>
<div class="admonition hint">
<p class="admonition-title">Hint</p>
<p>Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.</p>
</div>
</section>
<section id="collection-links">
<h3>Collection links<a class="headerlink" href="#collection-links" title="Permalink to this heading">¶</a></h3>
<ul class="ansible-links">
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/containers/ansible-podman-collections/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc" rel="noopener external" target="_blank">Issue Tracker</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/containers/ansible-podman-collections" rel="noopener external" target="_blank">Repository (Sources)</a></span></li>
</ul>
</section>
</section>
</section>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
</body>
</html>