[Feature]: Ignore userns=keep-id in rootful mode, instead of erroring out #17337
Labels: kind/feature, locked - please file new issue/PR
Feature request description
Currently, specifying --userns=keep-id in podman run results in a hard error:

Setting the PODMAN_USERNS=keep-id environment variable has the same effect.

I'm in the process of setting up a reusable VS Code Dev container, where I can specify docker/podman run arguments needed for the container. userns=keep-id is required to get the container working for rootless users (to give them access to the files they are working on, which reside on the host with their local UID/GID).
At the same time, I don't control how users have set up their podman; they might be using it in rootful or rootless mode. (Many are tricked into the rootful mode by the Windows installation instructions, which effectively state: use rootful if you run into some issues. And since there seems to be no down-side, they just go with the "safe route".)
That's where I'm stuck: I want to get a command-line that works for both rootful and rootless invocations, but with "--userns=keep-id" erroring out, I can't find the magic invocation that works in any case.
Suggest potential solution
If "--userns=keep-id" or PODMAN_USERNS is specified in rootful mode, ignore it (and warn about it), but do not error out.
Have you considered any alternatives?
The alternatives require assembling a command-line or an environment variable conditionally depending on podman being in rootful or rootless mode, which typically requires a wrapper script.
Or (and that's what we do today) we have to document that the user needs to add a flag or a configuration file depending on how they're using podman.
Additional context
Add any other context or screenshots about the feature request here.
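
The wrapper-script alternative mentioned above, as an added example that is not part of the original issue or of podman itself: it asks podman which mode it is in and passes --userns=keep-id only when rootless. The function names `podman_is_rootless` and `run_portable` are hypothetical; the only podman calls used are `podman info --format` and `podman run`.

```shell
#!/bin/sh
# Added example: pass --userns=keep-id only when podman is rootless.
# Function names are hypothetical helpers, not part of podman.
# Usage (after sourcing): run_portable --rm -v "$PWD:/work" IMAGE CMD

# Print "true" or "false" for the podman instance that will run the
# container. Returns 2 if podman cannot be queried or answers oddly.
podman_is_rootless() {
    state=$(podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null) || return 2
    case "$state" in
        true|false) printf '%s\n' "$state" ;;
        *) return 2 ;;
    esac
}

# Run a container, adding keep-id only where podman accepts it.
run_portable() {
    rootless=$(podman_is_rootless) || {
        echo "error: cannot determine whether podman is rootless" >&2
        return 2
    }
    if [ "$rootless" = "true" ]; then
        # Rootless: map the invoking user's UID/GID into the container so
        # bind-mounted host files stay accessible.
        podman run --userns=keep-id "$@"
    else
        # Rootful: keep-id is rejected, so skip it and say so.
        echo "warning: rootful podman, skipping --userns=keep-id" >&2
        # An inherited PODMAN_USERNS=keep-id has the same effect as the
        # flag, so clear it for this one invocation only.
        ( unset PODMAN_USERNS; podman run "$@" )
    fi
}
```

In rootful mode the container is started without any UID remapping, so files it creates on bind mounts are owned by whatever UID the container process runs as.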