On 2/2/21 03:10, Roland Weber wrote:
Hello,

I'm trying to switch from docker to rootless podman in a project.
Building the image was a simple change. But now I'm trying to
run it in a development setup, and encounter problems.

A directory tree from the host gets mounted into the container.
In the container, user IDs 0 and 1111 will write to the directory tree.
I'm looking for a way to map both of these IDs to my uid on the host,
if that's possible. Likewise with group IDs, but I guess those work
just the same as the user IDs.

No, I don't believe this is allowed.

Can you add a group that UID=0 and UID=1111 both belong to, and then set up the directory with group permissions rwx?

That is the way to handle this in Linux. You could also use ACLs (setfacl) to allow both users to write to the directory.

I found plenty of examples where "podman run" is called with a
--uidmap argument that maps a range of uids to another range.
But I haven't been able to find an example where two --uidmap
arguments are given, to map two distinct uids to the same one.

My various attempts have led either to "permission denied"
or to "Error: Container ID 0 cannot be mapped to a host ID".
I'm not familiar with user namespaces or nested uid mappings.
There was a recent documentation update, but I cannot
figure out what that means for my scenario:
https://github.com/containers/podman/pull/8695/files

On the system where I'm starting the container, I have:
/etc/subuid:
rolweber:100000:65536
/etc/subgid:
rolweber:100000:65536

Maybe I can work around uid mapping altogether by
giving global write permission to the host directory.
It's in a single-user VM, so this would be acceptable.
But I'd rather avoid that, if there's a way to map the uids.

Any suggestions?

Thanks and cheers,
  Roland

---
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen / Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294
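
The following is an added example, not part of the thread. It works out which host uid each container uid gets under rootless podman's default mapping (no `--uidmap`) and prints the matching `setfacl` commands for the ACL approach suggested above. The host uid 1000 and the directory `./shared` are assumptions; the subuid line is the one quoted in the message.

```shell
#!/bin/sh
# Sample /etc/subuid content, taken from the message above.
SUBUID_SAMPLE='rolweber:100000:65536'

# host_uid_for USER OWN_UID CONTAINER_UID
# Default rootless mapping: container uid 0 -> the user's own host uid,
# container uid N (N >= 1) -> subuid_start + N - 1.
host_uid_for() {
    user=$1; own_uid=$2; cuid=$3
    if [ "$cuid" -eq 0 ]; then
        echo "$own_uid"; return 0
    fi
    line=$(printf '%s\n' "$SUBUID_SAMPLE" | grep "^${user}:" | head -n 1)
    [ -n "$line" ] || { echo "no subuid range for $user" >&2; return 1; }
    start=$(echo "$line" | cut -d: -f2)
    count=$(echo "$line" | cut -d: -f3)
    if [ "$cuid" -gt "$count" ]; then
        echo "container uid $cuid is outside the mapped range" >&2; return 1
    fi
    echo $((start + cuid - 1))
}

# acl_commands USER OWN_UID DIR CONTAINER_UID...
# Prints (does not run) one setfacl command per container uid that is not
# already the directory owner on the host. The d: entry is a default ACL,
# so files created later in the tree inherit the access.
acl_commands() {
    user=$1; own_uid=$2; dir=$3; shift 3
    for cuid in "$@"; do
        huid=$(host_uid_for "$user" "$own_uid" "$cuid") || return 1
        # Container root is the invoking user on the host: nothing to grant.
        [ "$huid" -eq "$own_uid" ] && continue
        echo "setfacl -R -m u:${huid}:rwX -m d:u:${huid}:rwX ${dir}"
    done
}

# OWN_UID=1000 and ./shared are assumed values for illustration.
acl_commands rolweber 1000 ./shared 0 1111
```

With these inputs only container uid 1111 needs an ACL entry, because container uid 0 already writes as the host user who owns the tree.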

