Run rootful container with userns=auto fails due to "wrong" file ownership #24037
Labels
locked - please file new issue/PR
Discussed in #24033
Originally posted by florentulve September 22, 2024
Hi,
I am confronted with an issue with rootful podman, userns=auto and the redis image from the Docker library: https://hub.docker.com/_/redis
Its entrypoint checks the ownership of the current directory and chowns it if needed.
```sh
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
	find . ! -user redis -exec chown redis '{}' +
	exec gosu redis "$0" "$@"
fi
```
source: https://github.com/redis/docker-library-redis/blob/master/docker-entrypoint.sh
It fails with userns=auto because the working directory is not owned by the redis user (uid 999), as shown below.
My subuid and subgid contain:
`containers:2147483647:2147483648`
If I check the underlying filesystem:
```
$ ls -alnZ /var/lib/containers/storage/overlay/85fa5b943e569816e1fb2627827e35c06f166e0079d6fa153c4d2d58273eed73/merged
lrwxrwxrwx. 1 2147583647 2147583647 system_u:object_r:container_file_t:s0:c655,c984 7 Sep 4 11:00 bin -> usr/bin/
drwxr-xr-x. 1 2147583647 2147583647 system_u:object_r:container_file_t:s0:c655,c984 0 Aug 14 18:10 boot/
drwxr-xr-x. 1 2147584646 2147584646 system_u:object_r:container_file_t:s0:c655,c984 0 Sep 5 01:09 data/
drwxr-xr-x. 1 2147583647 2147583647 system_u:object_r:container_file_t:s0:c655,c984 0 Sep 4 11:00 dev/
```
- `2147583647` -> `0`
- `2147584646` -> `2147583647 + 999` (the redis user)
I really don't understand why, inside the container, the 2147584646 user is reported as 65534 (nobody), as shown in the screenshot above.
Podman version affected: 5.2.2
This works with podman 4.3.1.
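As an added illustration (not part of the issue or of Podman's own code) of why a host-owned directory can show up as `nobody` inside the user namespace: this script applies the `/proc/<pid>/uid_map` semantics to the uids from the `ls` output above. The two mapping strings are constructed assumptions; the real one is read from `/proc/self/uid_map` inside the container.

```python
"""Translate a host uid into what a user namespace shows for it.

Added diagnostic, not part of the original issue. It parses the
/proc/<pid>/uid_map format ("inside_start outside_start length" per
line) and maps a host uid to the uid seen inside the namespace. A host
uid that falls in no mapped range is reported as the kernel overflow
uid (65534, "nobody"), which is the symptom seen on the data directory.
"""
import os
from typing import List, Tuple

OVERFLOW_UID = 65534  # default value of /proc/sys/kernel/overflowuid


def parse_id_map(text: str) -> List[Tuple[int, int, int]]:
    """Parse uid_map/gid_map text into (inside_start, outside_start, length)."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        inside, outside, length = (int(f) for f in fields)
        ranges.append((inside, outside, length))
    return ranges


def host_to_container_uid(host_uid: int, id_map: str) -> int:
    """uid a host-owned file appears as inside the namespace described by id_map."""
    for inside, outside, length in parse_id_map(id_map):
        if outside <= host_uid < outside + length:
            return inside + (host_uid - outside)
    return OVERFLOW_UID  # outside every range: shown as nobody


def explain_owner(path: str, id_map: str) -> str:
    """Human-readable verdict for a path's owner, run from the host side."""
    host_uid = os.stat(path).st_uid
    seen = host_to_container_uid(host_uid, id_map)
    if seen == OVERFLOW_UID:
        return f"{path}: host uid {host_uid} is outside the mapping -> nobody"
    return f"{path}: host uid {host_uid} -> container uid {seen}"


# Constructed mappings built from the issue's ranges (not real podman output).
WIDE_MAP = "0 2147583647 1024\n"    # container 0..1023 <- host 2147583647..
NARROW_MAP = "0 2147583647 999\n"   # range ends just before the redis uid

if __name__ == "__main__":
    data_dir_owner = 2147584646     # 2147583647 + 999, from the ls output
    print(host_to_container_uid(data_dir_owner, WIDE_MAP))    # 999
    print(host_to_container_uid(data_dir_owner, NARROW_MAP))  # 65534
```

Run `cat /proc/self/uid_map` inside the container and feed that text to `host_to_container_uid` with the host owner from `ls -n` to see whether the data directory's owner actually falls inside the assigned range.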