podman run --privileged --userns=keep-id does not properly set HOME env #8004
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
When running a container in privileged mode with userns=keep-id, the output of the command "id" is correct, but behavior is slightly off with podman version 2.1.1. In previous versions, the environment variable HOME would be properly set to the namespace. It is now set as HOME=/root.
Steps to reproduce the issue:
2. Start a shell with the container, such as with:
podman run --rm -it --privileged --userns=keep-id --volume="/home:/home" --workdir="$PWD" centos:7 bash
Describe the results you received:
I see "/root".
Describe the results you expected:
I expect to see the path for the user I run the podman container from. This is a deviation from previous releases.
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
podman version 2.1.1
Output of podman info --debug:
host:
  arch: amd64
  buildahVersion: 1.16.1
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.21-3.fc33.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.21, commit: 0f53fb68333bdead5fe4dc5175703e22cf9882ab'
  cpus: 16
  distribution:
    distribution: fedora
    version: "33"
  eventLogger: journald
  hostname: desk.mcneil.com
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 165536
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 165536
      size: 65536
  kernel: 5.8.13-300.fc33.x86_64
  linkmode: dynamic
  memFree: 13702463488
  memTotal: 33680375808
  ociRuntime:
    name: crun
    package: crun-0.15-5.fc33.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.15
      commit: 56ca95e61639510c7dbd39ff512f80f626404969
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  rootless: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.4-4.dev.giteecccdb.fc33.x86_64
    version: |-
      slirp4netns version 1.1.4+dev
      commit: eecccdb96f587b11d7764556ffacfeaffe4b6e11
      libslirp: 4.3.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 16852709376
  swapTotal: 16852709376
  uptime: 4h 16m 30.54s (Approximately 0.17 days)
registries:
  search:
store:
  configFile: /home/sean/.config/containers/storage.conf
  containerStore:
    number: 3
    paused: 0
    running: 1
    stopped: 2
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.1.2-1.fc33.x86_64
      Version: |-
        fusermount3 version: 3.9.3
        fuse-overlayfs: version 1.1.0
        FUSE library version 3.9.3
        using FUSE kernel interface version 7.31
  graphRoot: /home/sean/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 5
  runRoot: /run/user/1000
  volumePath: /home/sean/.local/share/containers/storage/volumes
version:
  APIVersion: 2.0.0
  Built: 1601853924
  BuiltTime: Mon Oct 5 06:25:24 2020
  GitCommit: ""
  GoVersion: go1.15.2
  OsArch: linux/amd64
  Version: 2.1.1
Package info (e.g. output of rpm -q podman or apt list podman):
podman-2.1.1-10.fc33.x86_64
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
No
Additional environment details (AWS, VirtualBox, physical, etc.):