Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simpler uidmap options for podman #244

Closed
dustymabe opened this issue Aug 29, 2019 · 2 comments
Closed

Simpler uidmap options for podman #244

dustymabe opened this issue Aug 29, 2019 · 2 comments

Comments

@dustymabe
Copy link
Collaborator

In cfcf4eb you did some nice investigatory work in tracking down how to call --uidmap properly to map the users id outside the container to the same id inside rootless podman container. I think we can achieve the same goal now with podman --userns=keep-id. At least it seems to be the case in my testing if I remove the --uidmap options and replace with --userns=keep-id:

[vagrant@vanilla-f30 ~]$ toolbox enter
⬢[vagrant@toolbox ~]$ cat /proc/self/uid_map 
      1000          0          1
         0          1       1000
      1001       1001      64536
⬢[vagrant@toolbox ~]$ exit
logout
[vagrant@vanilla-f30 ~]$ sudi vi /usr/bin/toolbox 
-bash: sudi: command not found
[vagrant@vanilla-f30 ~]$ sudo vi /usr/bin/toolbox 
[vagrant@vanilla-f30 ~]$ 
[vagrant@vanilla-f30 ~]$ toolbox enter
⬢[vagrant@toolbox ~]$ 
⬢[vagrant@toolbox ~]$ cat /proc/self/uid_map 
      1000          0          1
         0          1       1000
      1001       1001      64536

Do you agree?
@debarshiray
Copy link
Member

Yes, --userns=keep-id was added in containers/podman#3196 because more and more people have been using this pattern. :)

I am sometimes apprehensive of picking up niceties introduced in newer Podman versions because it can make it harder to bisect regressions in Podman with a newer Toolbox - the usual pain of tracking things across multiple Git repositories.

Anyway, I see that --userns=keep-id was introduced in Podman 1.4.0. Subsequent Podman releases have been relatively stable, and it's also old enough to be in RHELs 7 and 8. So it seems like a reasonable baseline to adopt.

Do you already have a patch tucked away somewhere? :)

dustymabe added a commit to dustymabe/toolbox that referenced this issue Sep 3, 2019
@dustymabe
take advantage of podman --userns=keep-id
f65bbba 
This let's podman do the calculations for mapping our host UID into
the user namespace within the container. See cfcf4eb for original
context.

Fixes containers#244
@dustymabe dustymabe mentioned this issue Sep 3, 2019
Closed
dustymabe added a commit to dustymabe/toolbox that referenced this issue Sep 3, 2019
@dustymabe
take advantage of podman --userns=keep-id
c39c806 
This lets podman do the calculations for mapping our host UID into
the user namespace within the container. See cfcf4eb for original
context.

Fixes containers#244
@dustymabe
Copy link
Collaborator Author

Do you already have a patch tucked away somewhere? :)

#252 :)

debarshiray referenced this issue Sep 4, 2019
@dustymabe @debarshiray
Simplify code by taking advantage of 'podman create --userns=keep-id'
f152426 
This lets podman do the calculations for mapping the host UID into the
user namespace within the container. See cfcf4eb for original
context.

The '--userns=keep-id' option was introduced in Podman 1.4.0, which is
old enough to be in even RHEL 7.

https://github.com/debarshiray/toolbox/issues/244
@debarshiray debarshiray mentioned this issue Sep 4, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

take advantage of podman --userns=keep-id dustymabe/toolbox
2 participants
@debarshiray @dustymabe