Error running Podman with --uidmap to non-root container user #11922
Comments
the mapping You need to add at least two IDs, e.g. `--uidmap=1001:0:1 --uidmap=0:1:1`
@giuseppe, the command above still fails when adding
Adding Would it be wise for Podman to resolve this automatically without requiring users to explicitly remap container UID 0?
ok sorry, didn't understand you want to run with just one user mapped in. In this case, Podman also adds the same mappings for GIDs if not overridden. Can you try with:
I get the error:
This error is now the same as when I run the original command.
I'm not sure why I can't reproduce the original error now. Perhaps I needed to run a
when you run with a single mapping you also need to specify
Unfortunately I still get the same error after adding the following: ~/.config/containers/storage.conf:
...or if I add the argument
If you have only one UID available within your user namespace then inside of the user namespace that UID has to be root (I believe) and your process has to run as root. Could you try without the --user option?
I think that error is happening at pull time.
crun allows running with just one user that is not mapped to root. The last error is happening when creating a copy of the image. I wonder if I didn't see it because I've started with a fresh storage
Yes this is happening when the image is being downloaded into storage.
From my experience, the error still happens after a successful pull. I can pull the image separately but get the above errors when trying to run it with --uidmap. More tests as @rhatdan requested: With --uidmap but without --user:
Without --uidmap or --user:
With --user and 2 --uidmaps:
so In the case above, the user has multiple IDs available so the image was pulled without squashing the IDs in the image. I think we should treat it as an error, since the image uses IDs that are not made available in the user namespace and require the usage of
Thank you both for taking a look at this. So do you consider this "working as designed"? I personally found it tricky to use the right command to make this work, since the documentation only mentions
Any progress? I still find the same problem with podman 4.1.1. And I found a strange problem: there is no problem when I set uidmap 0:1:1000, but there is a problem when I set 0:2:1000. It seems that I cannot consume more than 1000 subuids in rootless mode?
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Error running Podman with --uidmap to non-root container user
I'm wanting to run a rootless container with a non-root UID (1001) that's mapped back to my host UID (1000).
Following the directions from the Podman run documentation
...I should only need to specify `--user 1001 --uidmap=1001:0:1`, but this returns the error result below.
Steps to reproduce the issue:
Describe the results you received:
Describe the results you expected:
Run container successfully, with container user 1001 mapped to host user 1000.
Additional information you deem important (e.g. issue happens only occasionally):
I don't get this error when adding either of the following:
--uidmap=0:1:1000
--gidmap=0:0:1
These arguments are mutually exclusive. If I run both, I get the following:
Of these workarounds, `--gidmap` seems more appropriate given the error message "doesn't map GID 0", but when I run this, I get the following error in `podman top`:
Output of `podman version`:
Output of `podman info --debug`:
Package info (e.g. output of `rpm -q podman` or `apt list podman`):
Podman version installed via the Kubic project.
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Host is Ubuntu 21.04 running in Hyper-V VM using multipass
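
The mapping arithmetic discussed in this thread, as an added example that is not part of the original issue or Podman's code: it checks which container IDs a set of `container_id:from_id:amount` triplets covers, so an uncovered UID or GID 0 is visible before running the container. The function names and the ID list `0 1001` are assumptions chosen to match the report.

```shell
#!/bin/sh
# Added example (not Podman code): report container IDs that a set of
# --uidmap/--gidmap triplets (container_id:from_id:amount) leaves unmapped.

# id_is_mapped ID TRIPLET...
# Exit 0 if ID lies inside the container-side range of any triplet.
id_is_mapped() {
    id=$1; shift
    for triplet in "$@"; do
        # Skip anything that is not three colon-separated numeric fields.
        case $triplet in
            *[!0-9:]*|*:*:*:*) continue ;;
            *:*:*) ;;
            *) continue ;;
        esac
        start=${triplet%%:*}      # first ID inside the container
        amount=${triplet##*:}     # number of consecutive IDs mapped
        if [ "$id" -ge "$start" ] && [ "$id" -lt $((start + amount)) ]; then
            return 0
        fi
    done
    return 1
}

# unmapped_ids "ID ID ..." TRIPLET...
# Print the IDs from the list that no triplet covers (empty if all covered).
unmapped_ids() {
    ids=$1; shift
    missing=""
    for want in $ids; do
        id_is_mapped "$want" "$@" || missing="$missing $want"
    done
    echo "${missing# }"
}

# Constructed checks using the mappings quoted in this issue. Per the thread,
# Podman reuses the UID mappings for GIDs unless --gidmap is given, so the
# same result applies to GID 0.
echo "1001:0:1            -> unmapped: [$(unmapped_ids "0 1001" 1001:0:1)]"
echo "1001:0:1 + 0:1:1    -> unmapped: [$(unmapped_ids "0 1001" 1001:0:1 0:1:1)]"
echo "1001:0:1 + 0:1:1000 -> unmapped: [$(unmapped_ids "0 1001" 1001:0:1 0:1:1000)]"
```
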