colleague just presented me with this question ... he was following
an example that showed how, when started with docker, a process
running as root in the container was also running as root on the host.
the example he showed me was to fire up an alpine image, verify that
the user account was root inside the container, then start a "sleep
100" command, open another terminal on the host, and check the
properties of running sleep commands, whereupon he saw:
$ ps -fC sleep
UID ... CMD
root sleep 100
$
i did exactly the same thing on my fedora 31 system but i have docker
aliased to podman, and when i did the same thing, back on the host, i
got:
$ ps -fC sleep
UID PID PPID C STIME TTY TIME CMD
rpjday 24268 21319 0 08:23 pts/0 00:00:00 sleep 42
in short, while the sleep process was owned by root in the container,
on the host, it is clearly owned by me.
i wasn't sure how to explain that, other than to suggest that
podman, by default, doesn't map root in container to root on host. is
there an explanation i could point him to so he can understand why running
under podman behaved differently? thanks.
rday
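Added example, not part of the original post: rootless podman runs the container in a user namespace, and the kernel records the mapping in /proc/<pid>/uid_map as lines of "<inside-start> <outside-start> <count>"; the script below parses that format and translates a container uid to the uid the host's ps will show. The sample map (host uid 1000, /etc/subuid range 100000-165535) is constructed for the example; the map for a docker container without a user namespace would be the identity line "0 0 4294967295", which is why root stays root there.

```shell
#!/bin/sh
# Added example: translate a uid inside a user namespace to the uid seen
# on the host, using the /proc/<pid>/uid_map format:
#   <inside-start> <outside-start> <count>
#
# Constructed sample map, shaped like what a rootless podman container gets
# when the invoking user has host uid 1000 and a 65536-entry /etc/subuid
# range starting at 100000 (assumed values, not taken from a real system):
SAMPLE_UID_MAP='0 1000 1
1 100000 65536'

# map_uid <container-uid> [<uid_map contents>]
# Prints the host uid for a container uid, or "unmapped" if no line covers it.
# Uses a here-document instead of a pipeline so "return" leaves the function.
map_uid() {
    cuid=$1
    map=${2:-$SAMPLE_UID_MAP}
    while read -r inside outside count; do
        [ -n "$inside" ] || continue          # skip blank lines
        if [ "$cuid" -ge "$inside" ] && [ "$cuid" -lt $((inside + count)) ]; then
            echo $((outside + cuid - inside)) # offset into the mapped range
            return 0
        fi
    done <<EOF
$map
EOF
    echo unmapped
    return 1
}

# host_uid_of_pid <pid> <container-uid>: same lookup against a live process,
# e.g. the sleep started inside the container (only works with one running).
host_uid_of_pid() {
    map_uid "$2" "$(cat "/proc/$1/uid_map")"
}

# Demonstration with the constructed map: container root is the invoking
# user on the host, container uid 1 lands in the subuid range.
echo "container uid 0 -> host uid $(map_uid 0)"   # -> 1000
echo "container uid 1 -> host uid $(map_uid 1)"   # -> 100000
```

On a real system, `host_uid_of_pid $(pgrep -n sleep) 0` against the container's sleep process gives the uid that `ps -fC sleep` reports as the owner.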