maxim...@schmidt.so
Jan 21, 2021, 1:51:18 PM
to Jan Kiszka, Bezdeka, Florian (T RDA IOT SES-DE), kas-...@googlegroups.com, nicolas....@gmx.com
We tested this setup with an up to date podman (version 2.2.1) on arch linux.
The podman detection of `kas-container` works correctly and `--userns=keep-id`
was successfully passed to the podman command.
When `keep-id` is passed to the podman command, the user inside the container
is the same as outside the container, i.e.
- outside $UID = inside $UID
- outside $GID = inside $GID
- also the outside user entry is present inside the container's /etc/passwd
Additionally, in combination with `--workdir=/work`, $HOME is also mapped correctly to /work.
The permissions of `/work` are set to have USER_ID and GROUP_ID as owner and group respectively.
Thus, the container seems to be set up correctly.
This means we don't see the need to create an additional user via the entrypoint.
Furthermore, this creation does not work anyway, as the user inside the container is not root and thus has no permission to add or modify users.
Note that this only applies to rootless podman usage as the keep-id flag is ignored when running podman as the root user.
--
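The check described in the message above, written out as an added example (this is not code from the e-mail or from the kas-container project): it runs a rootless `podman run --userns=keep-id --workdir=/work` against a throw-away host directory and compares the uid, gid, /etc/passwd entry and `/work` ownership seen inside the container with the caller's identity outside. The image name and the use of a `mktemp` directory as `/work` are assumptions; the comparison itself is a pure function so it can be exercised without podman.

```shell
#!/bin/sh
# Added example, not from the kas-container project or the e-mail thread.
# Verifies that rootless podman with --userns=keep-id maps the host user into
# the container the way the message describes. Assumes podman is installed
# and that IMAGE (assumed default below) can be pulled.
set -u

IMAGE="${IMAGE:-docker.io/library/alpine:3.18}"   # assumption: any small image with busybox tools

# Probe executed inside the container. Prints one line:
#   <uid> <gid> <passwd entry yes|no> <owner of /work as uid:gid>
INSIDE_PROBE='printf "%s %s %s %s\n" "$(id -u)" "$(id -g)" "$(getent passwd "$(id -u)" >/dev/null 2>&1 && echo yes || echo no)" "$(stat -c %u:%g /work)"'

# Run the probe with the flags kas-container passes when it detects podman.
# $1 = host directory to bind-mount at /work. Prints the probe line.
run_probe() {
  podman run --rm --userns=keep-id --workdir=/work -v "$1:/work" "$IMAGE" sh -c "$INSIDE_PROBE"
}

# Pure comparison: returns 0 only if the probe output matches the host identity.
# $1 = host uid, $2 = host gid, $3 = probe output line (four whitespace-separated fields).
check_keep_id() {
  host_uid=$1
  host_gid=$2
  # shellcheck disable=SC2086  # intentional word splitting of the probe line
  set -- $3
  in_uid=${1:-}; in_gid=${2:-}; in_passwd=${3:-}; in_owner=${4:-}

  [ "$in_uid" = "$host_uid" ] \
    || { echo "uid mismatch: host $host_uid, container '$in_uid' (keep-id not in effect?)"; return 1; }
  [ "$in_gid" = "$host_gid" ] \
    || { echo "gid mismatch: host $host_gid, container '$in_gid'"; return 1; }
  [ "$in_passwd" = yes ] \
    || { echo "no /etc/passwd entry for uid $in_uid inside the container"; return 1; }
  [ "$in_owner" = "$host_uid:$host_gid" ] \
    || { echo "/work owned by '$in_owner', expected $host_uid:$host_gid"; return 1; }
  echo "keep-id mapping OK: uid=$in_uid gid=$in_gid, /work owned by $in_owner"
  return 0
}

# Live check against the local podman. Refuses to run as root, because podman
# ignores --userns=keep-id for the root user and the result would be meaningless.
main() {
  if [ "$(id -u)" -eq 0 ]; then
    echo "running as root: podman ignores --userns=keep-id, run this as an unprivileged user" >&2
    return 2
  fi
  command -v podman >/dev/null 2>&1 || { echo "podman not found in PATH" >&2; return 2; }
  workdir=$(mktemp -d)           # host directory that becomes /work
  out=$(run_probe "$workdir") || { echo "podman run failed" >&2; rmdir "$workdir"; return 1; }
  rc=0
  check_keep_id "$(id -u)" "$(id -g)" "$out" || rc=$?
  rmdir "$workdir"
  return "$rc"
}

# The live check only runs when invoked with --run, so the file can be sourced
# to reuse check_keep_id on captured probe output.
if [ "${1:-}" = "--run" ]; then
  main
fi
```

Invoke it as `sh keep_id_check.sh --run` as the unprivileged build user. A uid of 0 inside the container with a mismatch against the host uid is the signature of `keep-id` not being applied (rootful podman, or an older podman that ignores the flag), which is exactly the case the message notes.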