Some containers run as root or as arbitrary and non-settable UIDs, which makes aligning file permissions a problem between them. Having the ability to append the --user flag to podman would help a lot in this.
Description
Details
- Difficulty level: Unknown (require assessment)
- Version: -
- Why the issue appeared?: Will be filled on close
- Is it a breaking change?: Config syntax change (migratable)
- Issue type: Feature (new functionality)
Event Timeline
Comment Actions
Which user are you expecting? How to check from which user the container was started?
Any idea for CLI?
Could you describe the steps to reproduce when it is started from root and not from root?
```
vyos@r4# run show conf com | match c1
set container name c1 allow-host-networks
set container name c1 image 'alpine'
[edit]
vyos@r4#
[edit]
vyos@r4# sudo podman container inspect c1 | match "user|UID"
          "ResolvConfPath": "/var/run/containers/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/resolv.conf",
          "HostnamePath": "/var/run/containers/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/hostname",
          "HostsPath": "/var/run/containers/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/hosts",
          "StaticDir": "/usr/lib/live/mount/persistence/container/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata",
          "OCIConfigPath": "/usr/lib/live/mount/persistence/container/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/config.json",
          "PidFile": "/var/run/containers/storage/overlay-containers/8dbbc8ae1ffccb907edcd2e955515f8913a3e7d00bd1d50c158b0e17bb9d89d5/userdata/pidfile",
               "CAP_SETUID",
               "CAP_SETUID",
[edit]
vyos@r4#
```
Comment Actions
What are you expecting
This should pretty much explain it
```
vyos@gateway:~$ sudo podman run -it debian:latest /bin/bash
root@d61ed36cd633:/# id
uid=0(root) gid=0(root) groups=0(root)
exit
vyos@gateway:~$ sudo podman run -it --user 1000:100 debian:latest /bin/bash
radius_user@814a04aa75a3:/$ id
uid=1000(radius_user) gid=100(users) groups=100(users)
```
How to check from which user the container was started?
I don't quite understand that question, could you elaborate?
Any idea for CLI?
```
set container name haproxy uid <UID>
set container name haproxy gid <GID>
```
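
An added illustration for this thread (not VyOS or podman code, and not written by either commenter): a Python sketch of how the proposed `uid`/`gid` options could map onto podman's `--user` argument, and how the configured user can be read from `podman container inspect` JSON instead of grepping for "user|UID". The function names, the rule that `gid` requires `uid`, the sample inspect data, and the use of the `Config.User` field are assumptions of this example.

```python
import json

# Constructed sample: trimmed `podman container inspect` output for two
# containers, one started without --user and one with --user 1000:100.
SAMPLE_INSPECT = json.dumps([
    {"Name": "c1", "Config": {"User": ""}},
    {"Name": "haproxy", "Config": {"User": "1000:100"}},
])


def user_arg(uid=None, gid=None):
    """Map the proposed uid/gid config values to podman's --user argument."""
    if uid is None:
        if gid is not None:
            # Assumed validation rule for this sketch: a group alone is rejected.
            raise ValueError("gid requires uid to be set")
        return []  # nothing configured: the image default (often root) applies
    ids = [int(uid)] + ([int(gid)] if gid is not None else [])
    if any(value < 0 for value in ids):
        raise ValueError("uid and gid must be non-negative integers")
    return ["--user", ":".join(str(value) for value in ids)]


def configured_users(inspect_json):
    """Return {container name: (user string, starts_as_root)}."""
    result = {}
    for ctr in json.loads(inspect_json):
        # Assumption: Config.User holds the user the container was created with.
        user = (ctr.get("Config") or {}).get("User") or ""
        uid_part = user.split(":", 1)[0]
        # An empty value, "0" or "root" all mean the process starts as UID 0.
        result[ctr["Name"]] = (user, uid_part in ("", "0", "root"))
    return result


if __name__ == "__main__":
    print(user_arg(1000, 100))
    for name, (user, is_root) in configured_users(SAMPLE_INSPECT).items():
        print(f"{name}: user={user or '(unset)'} starts_as_root={is_root}")
```

On a live system the same field can be queried directly with `sudo podman container inspect c1 --format '{{.Config.User}}'`.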