I'm running a bunch of rootless Podman containers. I noticed that the RemapUsers,
RemapUid and RemapGid options (and possibly others that I haven't used) disappeared
from the documentation of podman-systemd.unit in 4.5.0.
I barely and partially understood what the options did in the 4.4.0 days when we started
using them, but got them working through trial and error.
Here's what we have across the board right now in our Quadlet generators. They still
work in 4.5.0, but I'm assuming they'll go away eventually:
```
RemapUsers=manual
RemapUid=0:0:1
RemapUid=100:1:1
RemapGid=0:0:1
RemapGid=65534:1:1
```
With the 0:0:1 options, the root user/group inside the containers are mapped to the
regular (non-root) host user/group. We need this, since the container bind mounts volumes
from the host and must appear to the host as the regular user while doing so.
The 100:1:1 and 65534:1:1 options have to do with the special _apt user in Debian-based
containers; apt drops privileges to that user in some circumstances. I couldn't tell
you why remapping those is needed, but not having them caused problems when installing
packages inside the containers.
What Quadlet options in Podman >=4.5.0 would be equivalent to the above legacy options?
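
How the triples in the post resolve to host IDs under rootless Podman, as an added example that is not part of the original post: each value is `container_id:intermediate_id:count`, where intermediate ID 0 is the invoking user's own ID and IDs from 1 upward index into the user's subordinate ranges. The host UID/GID 1000 and the `100000:65536` subordinate range are constructed sample values, and the function names are hypothetical.

```python
# Added example: resolve rootless Podman ID-map triples to host IDs.
# Constructed sample host: user UID/GID 1000, with the /etc/subuid and
# /etc/subgid entry "user:100000:65536".
OWN_ID = 1000
SUB_RANGES = [(100000, 65536)]  # (start, count), in file order

# Mapping values taken from the post.
REMAP_UID = ["0:0:1", "100:1:1"]
REMAP_GID = ["0:0:1", "65534:1:1"]


def intermediate_to_host(inter_id, own_id, sub_ranges):
    """Intermediate ID 0 is the user's own ID; 1..N walk the
    subordinate ranges in order."""
    if inter_id == 0:
        return own_id
    offset = inter_id - 1
    for start, count in sub_ranges:
        if offset < count:
            return start + offset
        offset -= count
    raise ValueError(f"intermediate ID {inter_id} exceeds subordinate ranges")


def resolve(container_id, entries, own_id=OWN_ID, sub_ranges=SUB_RANGES):
    """Return the host ID behind a container ID, or None if unmapped."""
    for entry in entries:
        c_start, i_start, count = (int(x) for x in entry.split(":"))
        if c_start <= container_id < c_start + count:
            inter = i_start + (container_id - c_start)
            return intermediate_to_host(inter, own_id, sub_ranges)
    # Unmapped: the ID does not exist inside the container's user
    # namespace, so a process cannot switch to it.
    return None


if __name__ == "__main__":
    for cid in (0, 1, 100):
        print(f"container uid {cid:>5} -> host uid {resolve(cid, REMAP_UID)}")
    for cid in (0, 100, 65534):
        print(f"container gid {cid:>5} -> host gid {resolve(cid, REMAP_GID)}")
```

With these maps only two UIDs and two GIDs exist inside the container; every other ID resolves to `None`, so a process cannot switch to any ID other than the ones listed.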