ansible/ansible-podman-collections
1
0
Fork 0
mirror of https://github.com/containers/ansible-podman-collections.git synced 2026-02-04 07:11:49 +00:00
Code Activity
ansible-podman-collections/docs/podman_unshare_become.html
Sergey 7a1d668e0e
Update inspection info about objects in modules (#819) 
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
2024-08-16 19:26:35 +03:00

320 lines
No EOL
24 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />
<meta content="2.5.0" name="antsibull-docs" />
<title>containers.podman.podman_unshare become Run tasks using podman unshare &#8212; Python documentation</title>
<link rel="stylesheet" type="text/css" href="_static/pygments.css" />
<link rel="stylesheet" type="text/css" href="_static/alabaster.css" />
<link rel="stylesheet" type="text/css" href="_static/antsibull-minimal.css" />
<script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
<script src="_static/doctools.js"></script>
<script src="_static/sphinx_highlight.js"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="containers.podman.buildah connection Interact with an existing buildah container" href="buildah_connection.html" />
<link rel="prev" title="containers.podman.podman_volume_info module Gather info about podman volumes" href="podman_volume_info_module.html" />
<link rel="stylesheet" href="_static/custom.css" type="text/css" />
<meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
</head><body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<span class="target" id="ansible-collections-containers-podman-podman-unshare-become"></span><section id="containers-podman-podman-unshare-become-run-tasks-using-podman-unshare">
<h1>containers.podman.podman_unshare become Run tasks using podman unshare<a class="headerlink" href="#containers-podman-podman-unshare-become-run-tasks-using-podman-unshare" title="Permalink to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This become plugin is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/containers/podman/">containers.podman collection</a> (version 1.15.4).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">containers.podman</span></code>.</p>
<p>To use it in a playbook, specify: <code class="code docutils literal notranslate"><span class="pre">containers.podman.podman_unshare</span></code>.</p>
</div>
<p class="ansible-version-added">New in containers.podman 1.9.0</p>
<nav class="contents local" id="contents">
<ul class="simple">
<li><p><a class="reference internal" href="#synopsis" id="id1">Synopsis</a></p></li>
<li><p><a class="reference internal" href="#parameters" id="id2">Parameters</a></p></li>
<li><p><a class="reference internal" href="#examples" id="id3">Examples</a></p></li>
</ul>
</nav>
<section id="synopsis">
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Permalink to this heading"></a></h2>
<ul class="simple">
<li><p>This become plugins allows your remote/login user to execute commands in its container user namespace. Official documentation: <a class="reference external" href="https://docs.podman.io/en/latest/markdown/podman-unshare.1.html">https://docs.podman.io/en/latest/markdown/podman-unshare.1.html</a></p></li>
</ul>
</section>
<section id="parameters">
<h2><a class="toc-backref" href="#id2" role="doc-backlink">Parameters</a><a class="headerlink" href="#parameters" title="Permalink to this heading"></a></h2>
<table class="longtable ansible-option-table docutils align-default" style="width: 100%">
<thead>
<tr class="row-odd"><th class="head"><p>Parameter</p></th>
<th class="head"><p>Comments</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-become_exe"></div><p class="ansible-option-title" id="ansible-collections-containers-podman-podman-unshare-become-parameter-become-exe"><strong>become_exe</strong></p>
<a class="ansibleOptionLink" href="#parameter-become_exe" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Sudo executable</p>
<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;sudo&quot;</span></code></p>
<p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
<ul>
<li><p>INI entries:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">privilege_escalation</span><span class="p">]</span>
<span class="n">become_exe</span> <span class="o">=</span> <span class="n">sudo</span>
</pre></div>
</div>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">sudo_become_plugin</span><span class="p">]</span>
<span class="n">executable</span> <span class="o">=</span> <span class="n">sudo</span>
</pre></div>
</div>
</li>
<li><p>Environment variable: <span class="target" id="index-0"></span><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_BECOME_EXE</span></code></p></li>
<li><p>Environment variable: <span class="target" id="index-1"></span><a class="reference internal" href="environment_variables.html#envvar-ANSIBLE_SUDO_EXE"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_SUDO_EXE</span></code></a></p></li>
<li><p>Variable: ansible_become_exe</p></li>
<li><p>Variable: ansible_sudo_exe</p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-become_pass"></div><p class="ansible-option-title" id="ansible-collections-containers-podman-podman-unshare-become-parameter-become-pass"><strong>become_pass</strong></p>
<a class="ansibleOptionLink" href="#parameter-become_pass" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Password to pass to sudo</p>
<p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
<ul>
<li><p>INI entry:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">sudo_become_plugin</span><span class="p">]</span>
<span class="n">password</span> <span class="o">=</span> <span class="n">VALUE</span>
</pre></div>
</div>
</li>
<li><p>Environment variable: <span class="target" id="index-2"></span><a class="reference internal" href="environment_variables.html#envvar-ANSIBLE_BECOME_PASS"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_BECOME_PASS</span></code></a></p></li>
<li><p>Environment variable: <span class="target" id="index-3"></span><a class="reference internal" href="environment_variables.html#envvar-ANSIBLE_SUDO_PASS"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_SUDO_PASS</span></code></a></p></li>
<li><p>Variable: ansible_become_password</p></li>
<li><p>Variable: ansible_become_pass</p></li>
<li><p>Variable: ansible_sudo_pass</p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-become_user"></div><p class="ansible-option-title" id="ansible-collections-containers-podman-podman-unshare-become-parameter-become-user"><strong>become_user</strong></p>
<a class="ansibleOptionLink" href="#parameter-become_user" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>User you become to execute the task (root is not a valid value here).</p>
<p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
<ul>
<li><p>INI entries:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">privilege_escalation</span><span class="p">]</span>
<span class="n">become_user</span> <span class="o">=</span> <span class="n">VALUE</span>
</pre></div>
</div>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">sudo_become_plugin</span><span class="p">]</span>
<span class="n">user</span> <span class="o">=</span> <span class="n">VALUE</span>
</pre></div>
</div>
</li>
<li><p>Environment variable: <span class="target" id="index-4"></span><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_BECOME_USER</span></code></p></li>
<li><p>Environment variable: <span class="target" id="index-5"></span><a class="reference internal" href="environment_variables.html#envvar-ANSIBLE_SUDO_USER"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_SUDO_USER</span></code></a></p></li>
<li><p>Variable: ansible_become_user</p></li>
<li><p>Variable: ansible_sudo_user</p></li>
</ul>
</div></td>
</tr>
</tbody>
</table>
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id3" role="doc-backlink">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">checking uid of file &#39;foo&#39;</span>
<span class="w"> </span><span class="nt">ansible.builtin.stat</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">/foo&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo.stat.uid</span>
<span class="c1"># The output shows that it&#39;s owned by the login user</span>
<span class="c1"># ok: [test_host] =&gt; {</span>
<span class="c1"># &quot;foo.stat.uid&quot;: &quot;1003&quot;</span>
<span class="c1"># }</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mounting the file to an unprivileged container and modifying its owner</span>
<span class="w"> </span><span class="nt">containers.podman.podman_container</span><span class="p">:</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">chmod_foo</span>
<span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alpine</span>
<span class="w"> </span><span class="nt">rm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">volume</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">:/opt/test:z&quot;</span>
<span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">chown 1000 /opt/test/foo</span>
<span class="c1"># Now the file &#39;foo&#39; is owned by the container uid 1000,</span>
<span class="c1"># which is mapped to something completaly different on the host.</span>
<span class="c1"># It creates a situation when the file is unaccessible to the host user (uid 1003)</span>
<span class="c1"># Running stat again, debug output will be like this:</span>
<span class="c1"># ok: [test_host] =&gt; {</span>
<span class="c1"># &quot;foo.stat.uid&quot;: &quot;328679&quot;</span>
<span class="c1"># }</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">running stat in modified user namespace</span>
<span class="w"> </span><span class="nt">become_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">containers.podman.podman_unshare</span>
<span class="w"> </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">ansible.builtin.stat</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">/foo&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span>
<span class="c1"># By gathering file stats with podman_ushare</span>
<span class="c1"># we can see the uid set in the container:</span>
<span class="c1"># ok: [test_host] =&gt; {</span>
<span class="c1"># &quot;foo.stat.uid&quot;: &quot;1000&quot;</span>
<span class="c1"># }</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">resetting file ownership with podman unshare</span>
<span class="w"> </span><span class="nt">become_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">containers.podman.podman_unshare</span>
<span class="w"> </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">ansible.builtin.file</span><span class="p">:</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">file</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">/foo&quot;</span>
<span class="w"> </span><span class="nt">owner</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">0</span><span class="w"> </span><span class="c1"># in a modified user namespace host uid is mapped to 0</span>
<span class="c1"># If we run stat and debug with &#39;become: false&#39;,</span>
<span class="c1"># we can see that the file is ours again:</span>
<span class="c1"># ok: [test_host] =&gt; {</span>
<span class="c1"># &quot;foo.stat.uid&quot;: &quot;1003&quot;</span>
<span class="c1"># }</span>
</pre></div>
</div>
<section id="authors">
<h3>Authors<a class="headerlink" href="#authors" title="Permalink to this heading"></a></h3>
<ul class="simple">
<li><p>Janos Gerzson (&#64;grzs)</p></li>
</ul>
<div class="admonition hint">
<p class="admonition-title">Hint</p>
<p>Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.</p>
</div>
</section>
<section id="collection-links">
<h3>Collection links<a class="headerlink" href="#collection-links" title="Permalink to this heading"></a></h3>
<ul class="ansible-links">
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/containers/ansible-podman-collections/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc" rel="noopener external" target="_blank">Issue Tracker</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/containers/ansible-podman-collections" rel="noopener external" target="_blank">Repository (Sources)</a></span></li>
</ul>
</section>
</section>
</section>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<h1 class="logo"><a href="index.html">Python</a></h1>
<h3>Navigation</h3>
<ul>
<li class="toctree-l1"><a class="reference internal" href="podman_container_module.html">containers.podman.podman_container module Manage podman containers</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_container_copy_module.html">containers.podman.podman_container_copy module Copy file to/from a container</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_container_exec_module.html">containers.podman.podman_container_exec module Executes a command in a running container.</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_container_info_module.html">containers.podman.podman_container_info module Gather facts about containers using podman</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_containers_module.html">containers.podman.podman_containers module Manage podman containers in a batch</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_export_module.html">containers.podman.podman_export module Export a podman container</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_generate_systemd_module.html">containers.podman.podman_generate_systemd module Generate systemd unit from a pod or a container</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_image_module.html">containers.podman.podman_image module Pull images for use by podman</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_image_info_module.html">containers.podman.podman_image_info module Gather info about images using podman</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_import_module.html">containers.podman.podman_import module Import Podman container from a tar file.</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_load_module.html">containers.podman.podman_load module Load image from a tar file.</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_login_module.html">containers.podman.podman_login module Login to a container registry using podman</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_login_info_module.html">containers.podman.podman_login_info module Return the logged-in user if any for a given registry</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_logout_module.html">containers.podman.podman_logout module Log out of a container registry using podman</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_network_module.html">containers.podman.podman_network module Manage podman networks</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_network_info_module.html">containers.podman.podman_network_info module Gather info about podman networks</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_play_module.html">containers.podman.podman_play module Play kubernetes YAML file using podman</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_pod_module.html">containers.podman.podman_pod module Manage Podman pods</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_pod_info_module.html">containers.podman.podman_pod_info module Gather info about podman pods</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_prune_module.html">containers.podman.podman_prune module Allows to prune various podman objects</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_runlabel_module.html">containers.podman.podman_runlabel module Run given label from given image</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_save_module.html">containers.podman.podman_save module Saves podman image to tar file</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_search_module.html">containers.podman.podman_search module Search for remote images using podman</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_secret_module.html">containers.podman.podman_secret module Manage podman secrets</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_secret_info_module.html">containers.podman.podman_secret_info module Gather info about podman secrets</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_tag_module.html">containers.podman.podman_tag module Add an additional name to a local image</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_volume_module.html">containers.podman.podman_volume module Manage Podman volumes</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_volume_info_module.html">containers.podman.podman_volume_info module Gather info about podman volumes</a></li>
</ul>
<ul class="current">
<li class="toctree-l1 current"><a class="current reference internal" href="#">containers.podman.podman_unshare become Run tasks using podman unshare</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="buildah_connection.html">containers.podman.buildah connection Interact with an existing buildah container</a></li>
<li class="toctree-l1"><a class="reference internal" href="podman_connection.html">containers.podman.podman connection Interact with an existing podman container</a></li>
</ul>
<div class="relations">
<h3>Related Topics</h3>
<ul>
<li><a href="index.html">Documentation overview</a><ul>
<li>Previous: <a href="podman_volume_info_module.html" title="previous chapter">containers.podman.podman_volume_info module Gather info about podman volumes</a></li>
<li>Next: <a href="buildah_connection.html" title="next chapter">containers.podman.buildah connection Interact with an existing buildah container</a></li>
</ul></li>
</ul>
</div>
<div id="searchbox" style="display: none" role="search">
<h3 id="searchlabel">Quick search</h3>
<div class="searchformwrapper">
<form class="search" action="search.html" method="get">
<input type="text" name="q" aria-labelledby="searchlabel" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"/>
<input type="submit" value="Go" />
</form>
</div>
</div>
<script>document.getElementById('searchbox').style.display = "block"</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer">
&copy;.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 7.0.1</a>
&amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.13</a>
|
<a href="_sources/podman_unshare_become.rst.txt"
rel="nofollow">Page source</a>
</div>
</body>
</html>
View git blame Copy permalink