Add new --userns flag --userns=sync-id #15294
Comments
rhatdan
changed the title
|
What do you think of --userns=sync-id? |
|
I linked a use case on a MAC that we are hitting now, where a container wants to create files on a volume that do not match the UID of the user running Podman. It is failing since the :U is not allowed on a mac file system. |
|
I suggested this a while back, but there has been a general lack of interest. No objection to adding it. |
|
Well I guess I did not pay attention to you. :^( |
|
it is not a complete solution but I've opened a PR to add the Solving the problem in a completely automatic way would require more steps. We need to mount the container storage to parse the |
add two new options to the keep-id user namespace option:
- uid: allow to override the UID used inside the container.
- gid: allow to override the GID used inside the container.
For example, the following command will map the rootless user (that
has UID=0 inside the rootless user namespace) to the UID=11 inside the
container user namespace:
$ podman run --userns=keep-id:uid=11 --rm -ti fedora cat /proc/self/uid_map
0 1 11
11 0 1
12 12 65525
Closes: containers#15294
Signed-off-by: Giuseppe Scrivano <[email protected]>
github-actions
bot
added
the
locked - please file new issue/PR
Basically currently we default in rootless users UID to root user.
--userns=keep-id maps your UID outside of container to UID inside of container.
--userns=keep-id-app would map your UID to the default UID of the app run within the container.
Meaning
IE On the host my UID 3267 ends up getting mapped to UID 1234 inside of the container.
The benefit of this is it would fix issues like
#15292
The text was updated successfully, but these errors were encountered: