
I don't think this will work unless you have a range of user and group IDs allocated for your user. Those will be used for non-root in-container users.

    $ echo USERNAME:10000:65536 | sudo tee -a /etc/subuid
    $ echo USERNAME:10000:65536 | sudo tee -a /etc/subgid



Technically you don't need those if you always run your containers as a single user mapped to your real UID.


I know uid 0 in container will always map to uid outside the container (e.g. 1005), but I haven't tried e.g. uid 999 in the container to ensure it maps to uid outside of the container (again, 1005), does that work?


> I know uid 0 in container will always map to uid outside the container

I don't think that's true. Have a look at Podman's --userns=keep-id and related options.


ah yeah, I had forgotten about that one specifically



