subid: test with podman #6095
podman can leverage FreeIPA-managed subids provided:
- nsswitch.conf contains "subid: sss"
- a real session is opened for that user (not su)

podman also provides a way to test whether subids can be retrieved:
$ podman unshare cat /proc/self/uid_map
$ podman unshare cat /proc/self/gid_map

Fixes: TBD
Signed-off-by: François Cami <fcami@redhat.com>
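A scripted form of the two checks in the description above, as an added example that is not part of this PR or of podman or FreeIPA. The function names are hypothetical, the sample maps are constructed, and it assumes that a session without subids maps only the user's own single ID.

```shell
#!/bin/sh
# Added example: checks for the two conditions named in the PR description.

# Succeeds if the "subid:" database in nsswitch.conf lists the sss source.
# $1: path to nsswitch.conf (defaults to the system file).
nss_subid_uses_sss() {
    awk '
        { sub(/#.*/, "") }    # ignore comments, including a commented-out entry
        $1 == "subid:" { for (i = 2; i <= NF; i++) if ($i == "sss") found = 1 }
        END { exit found ? 0 : 1 }
    ' "${1:-/etc/nsswitch.conf}"
}

# Reads a uid_map or gid_map on stdin ("inside-id outside-id length" per line)
# and prints the total number of IDs mapped into the user namespace.
mapped_id_count() {
    awk 'NF == 3 { total += $3 } END { print total + 0 }'
}

# Succeeds if the map on stdin covers more than the user's own single ID,
# i.e. at least one subordinate range was retrieved and mapped.
map_has_subids() {
    [ "$(mapped_id_count)" -gt 1 ]
}

# Constructed samples of `podman unshare cat /proc/self/uid_map` output.
SAMPLE_WITH_SUBIDS='         0       1000          1
         1 2147483648      65536'
SAMPLE_NO_SUBIDS='         0       1000          1'

printf '%s\n' "$SAMPLE_WITH_SUBIDS" | map_has_subids && echo "sample 1: subids mapped"
printf '%s\n' "$SAMPLE_NO_SUBIDS" | map_has_subids || echo "sample 2: no subids mapped"
```

On a real host, pipe the output of the two `podman unshare` commands into `map_has_subids` from a real login session for the user.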
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed as stale it has not had recent activity.
It looks like this functionality still doesn't exist for podman in a FreeIPA managed environment. Is that correct? I opened an issue in Silverblue a while back with this same problem. See: fedora-silverblue/issue-tracker#263 Now, I'm attempting the same thing on an AlmaLinux client that's joined to my FreeIPA domain, and has the See below output:
Can you explain what did you do to enable use of subids in FreeIPA? The documentation is here: I have subid support enabled:
in a different terminal:
Hmmm, the issue unfolds further. If I run a rootless container as my user account for maintenance and server ops, with sudo roles, etc., everything works fine... On the
PEBKAC error here. I apologize. After running I appreciate you hitting the think tank with me. Happy holidays!