Some containers run as root or as arbitrary and non-settable UIDs, which makes aligning file permissions a problem between them. Having the ability to append the --user flag to podman would help a lot in this.
Description
Details
- Version
- -
- Is it a breaking change?
- Config syntax change (migratable)
- Issue type
- Feature (new functionality)
Related Objects
- Mentioned In
- rVYOSONEX38a46e1bffd2: Merge pull request #2929 from vyos/mergify/bp/sagitta/pr-2927
- rVYOSONEX33dfd49c385e: smoketest: T5955: verify container uid/gid setting
- rVYOSONEXf95738c0dd62: container: T5955: allow setting uid/gid
- rVYOSONEX52e9707a4329: container: T5955: allow setting uid/gid
- rVYOSONEXfaa4c87d93c7: smoketest: T5955: verify container uid/gid setting
- rVYOSONEX4b0a78b0d2e4: Merge pull request #2927 from ishioni/T5955
Event Timeline
Which user are you expecting? How to check from which user the container was started?
Any idea for CLI?
Could you describe the steps to reproduce when it started from the root and not the root?
```
vyos@r4# run show conf com | match c1
set container name c1 allow-host-networks
set container name c1 image 'alpine'
[edit]
vyos@r4#
[edit]
vyos@r4# sudo podman container inspect c1 | match "user|UID"
"ResolvConfPath": "/var/run/containers/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/resolv.conf",
"HostnamePath": "/var/run/containers/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/hostname",
"HostsPath": "/var/run/containers/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/hosts",
"StaticDir": "/usr/lib/live/mount/persistence/container/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata",
"OCIConfigPath": "/usr/lib/live/mount/persistence/container/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/config.json",
"PidFile": "/var/run/containers/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/pidfile",
"CAP_SETUID",
"CAP_SETUID",
[edit]
vyos@r4#
```
> What are you expecting

This should pretty much explain it

```
vyos@gateway:~$ sudo podman run -it debian:latest /bin/bash
root@d61ed36cd633:/# id
uid=0(root) gid=0(root) groups=0(root)
exit
vyos@gateway:~$ sudo podman run -it --user 1000:100 debian:latest /bin/bash
radius_user@814a04aa75a3:/$ id
uid=1000(radius_user) gid=100(users) groups=100(users)
```

> How to check from which user the container was started?

I don't quite understand that question, could you elaborate?

> Any idea for CLI?

```
set container name haproxy uid <UID>
set container name haproxy gid <GID>
```
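An added example (not part of the original task or the VyOS code base) of one way to check which user each container was started as: it reads `podman container inspect` JSON and flags containers whose `Config.User` resolves to root. The sample input is constructed, and treating an empty `Config.User` as "no user set, so the process starts as UID 0" is an assumption of this sketch.

```python
import json
import sys

# Constructed sample shaped like trimmed `podman container inspect` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "c1", "Config": {"User": ""}},             # no --user given
    {"Name": "haproxy", "Config": {"User": "1000:100"}},  # --user 1000:100
    {"Name": "web", "Config": {"User": "root"}},
    {"Name": "db", "Config": {"User": "0:100"}},          # root UID, non-root GID
    {"Name": "cache", "Config": {"User": "nobody"}},
])

# Assumption: empty means "not set", which starts the process as UID 0.
# Other names (e.g. "nobody") need the image's /etc/passwd to resolve to a
# UID, so only the literal spellings of root are matched here.
ROOT_USERS = {"", "0", "root"}

def parse_user(spec):
    """Split a 'user[:group]' spec into (user, group or None)."""
    user, _, group = spec.partition(":")
    return user, (group or None)

def runs_as_root(spec):
    """True when the user part of the spec is unset, 0 or 'root'."""
    return parse_user(spec)[0] in ROOT_USERS

def audit(inspect_json):
    """Map container name -> (user spec as shown, runs-as-root flag)."""
    report = {}
    for container in json.loads(inspect_json):
        spec = (container.get("Config") or {}).get("User") or ""
        report[container["Name"]] = (spec or "<not set>", runs_as_root(spec))
    return report

def root_containers(inspect_json):
    """Sorted names of containers that would run as root."""
    return sorted(n for n, (_, root) in audit(inspect_json).items() if root)

if __name__ == "__main__":
    # Pipe real output in (e.g. from `sudo podman container inspect c1`);
    # without piped input the constructed sample is used.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    for name, (spec, root) in audit(piped.strip() or SAMPLE_INSPECT).items():
        print(f"{name:10} user={spec:12} {'ROOT' if root else 'non-root'}")
```

A GID-only change such as `0:100` still leaves the process with UID 0, which is why the check looks at the user part alone.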