On 9/20/23 11:44, Andre Nathan wrote:
> # podman run -d --rm --name foo \
>     --userns=auto:uidmapping=1000:0:1,gidmapping=1000:0:1 \
>     -v '/srv/home/local:/home/local:idmap=uids=1000-0-1;gids=1000-0-1' \
>     quay.io/libpod/alpine_nginx
For the record, the command above is wrong in that the container and
host [UG]IDs are reversed: it's mapping host user/group 0 into container
user/group 1000, and what I actually want is the reverse.
By fixing this and removing the idmap option from the volume, I seem to
get the behaviour I need:
# podman run -d --rm --name foo \
    --userns=auto:uidmapping=0:1000:1,gidmapping=0:1000:1 \
    -v /srv/home/local:/home/local \
    quay.io/libpod/alpine_nginx
# podman exec -it foo ls -l /home
total 4
drwxr-x--- 5 root root 4096 Sep 20 18:09 local
And the volume is writable by the container's root user, which is UID
1000 in the host:
# podman exec -it foo touch /home/local/blah
# podman exec -it foo ls -l /home/local/blah
-rw-r--r-- 1 root root 0 Sep 20 18:18 /home/local/blah
Cheers,
Andre
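
The reversed mapping described in the message above can be caught before starting a container. The following is an added example, not part of the original message or of podman itself; it assumes each forced mapping is written container_id:host_id:size, the order the message describes, and all function names are hypothetical.

```python
# Added example (not from the original message). Assumes each forced mapping
# in --userns=auto is container_id:host_id:size, the order the message describes.

def parse_userns_auto(value):
    """Parse 'auto:uidmapping=C:H:N,gidmapping=C:H:N' into lists of triples."""
    mode, _, opts = value.partition(":")
    if mode != "auto":
        raise ValueError("only the auto mode is handled here")
    maps = {"uidmapping": [], "gidmapping": []}
    for opt in filter(None, opts.split(",")):
        key, _, triple = opt.partition("=")
        if key not in maps:
            continue  # other auto options (e.g. size=) are not forced mappings
        parts = triple.split(":")
        if len(parts) != 3 or not all(p.isdigit() for p in parts):
            raise ValueError(f"expected container:host:size, got {triple!r}")
        cid, hid, size = map(int, parts)
        if size < 1:
            raise ValueError(f"mapping size must be >= 1, got {triple!r}")
        maps[key].append((cid, hid, size))
    return maps

def to_host(mappings, container_id):
    """Host ID behind a container ID, or None if no forced mapping covers it."""
    for cid, hid, size in mappings:
        if cid <= container_id < cid + size:
            return hid + (container_id - cid)
    return None

def to_container(mappings, host_id):
    """Container ID that a host ID appears as, or None if it is not forced."""
    for cid, hid, size in mappings:
        if hid <= host_id < hid + size:
            return cid + (host_id - hid)
    return None

def check_volume_owner(userns_value, host_uid, want_container_uid):
    """True if files owned by host_uid show up as want_container_uid inside."""
    uid_map = parse_userns_auto(userns_value)["uidmapping"]
    return to_container(uid_map, host_uid) == want_container_uid

# The two option strings from the message, checked for "host 1000 is root inside".
FIRST = "auto:uidmapping=1000:0:1,gidmapping=1000:0:1"
FIXED = "auto:uidmapping=0:1000:1,gidmapping=0:1000:1"
if __name__ == "__main__":
    for name, value in (("first", FIRST), ("fixed", FIXED)):
        print(name, check_volume_owner(value, host_uid=1000, want_container_uid=0))
```

A result of None from to_host or to_container means the ID is not pinned by a forced mapping and is left to the automatic allocation.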