diff mbox series

tests/docker: Specify --userns keep-id for Podman

Message ID 20240626-podman-v1-1-f8c8daf2bb0a@daynix.com (mailing list archive)
State New, archived

Commit Message

Akihiko Odaki June 26, 2024, 11:09 a.m. UTC
Previously we were always specifying -u $(UID) to match the UID in the
container with one outside. This causes a problem with rootless Podman.

Rootless Podman remaps user IDs in the container to ones controllable
for the current user outside. The -u option instructs Podman to use
a specified UID in the container but does not affect the UID remapping.
Therefore, the UID in the container can be remapped to some other UID
outside the container. This can make the access to bind-mounted volumes
fail because the remapped UID mismatches with the owner of the
directories.

Replace -u $(UID) with --userns keep-id, which fixes the UID remapping.
This change is limited to Podman because Docker does not support
--userns keep-id.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
---
 tests/docker/Makefile.include | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)


---
base-commit: 74abb45dac6979e7ff76172b7f0a24e869405184
change-id: 20240620-podman-99d55d3a610b

Best regards,

Comments

Alex Bennée June 26, 2024, 4:16 p.m. UTC | #1
Akihiko Odaki <akihiko.odaki@daynix.com> writes:

> Previously we were always specifying -u $(UID) to match the UID in the
> container with one outside. This causes a problem with rootless Podman.
>
> Rootless Podman remaps user IDs in the container to ones controllable
> for the current user outside. The -u option instructs Podman to use
> a specified UID in the container but does not affect the UID remapping.
> Therefore, the UID in the container can be remapped to some other UID
> outside the container. This can make the access to bind-mounted volumes
> fail because the remapped UID mismatches with the owner of the
> directories.
>
> Replace -u $(UID) with --userns keep-id, which fixes the UID remapping.
> This change is limited to Podman because Docker does not support
> --userns keep-id.

Queued to testing/next, thanks.
Patch

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 8df50a0ca06f..708e3a72fb8a 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -207,7 +207,12 @@  docker-run: docker-qemu-src
 	$(call quiet-command,						\
 		$(RUNC) run 						\
 			--rm						\
-			$(if $(NOUSER),,-u $(UID)) 			\
+			$(if $(NOUSER),,				\
+				$(if $(filter docker,$(RUNC)),		\
+					-u $(UID),			\
+					--userns keep-id		\
+				)					\
+			) 						\
 			--security-opt seccomp=unconfined		\
 			$(if $(DEBUG),-ti,)				\
 			$(if $(NETWORK),$(if $(subst $(NETWORK),,1),--net=$(NETWORK)),--net=none) \
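
Review bot: The inner `$(if $(filter docker,$(RUNC)),` test selects `-u $(UID)` only when `$(RUNC)` contains the exact word `docker`, so every other value falls into the `--userns keep-id` branch, whereas the commit message says the change is limited to Podman because Docker does not support that option. If `$(RUNC)` can ever be a path or a differently named Docker-compatible binary, it would receive `--userns keep-id`; testing for Podman instead, e.g. `$(if $(filter podman,$(RUNC)),--userns keep-id,-u $(UID))`, keeps `-u $(UID)` as the fallback. A short comment above the conditional explaining why the two engines need different options would also help later readers.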