Allow mixing userns=auto and userns=keep-id #24837
Assignees
Labels
Comments
Jookia
added
the
kind/feature
|
if I understand correctly the problem you are facing, you'd like I think we could achieve it adding a |
|
That is a better way to put it, yes. Having a size option would be good, especially if I can set a default like 65536 so distrobox works without modification for backwards compatibility.
|
giuseppe
added a commit
to giuseppe/libpod
that referenced
this issue
Dec 20, 2024
Introduce a new option "size" to configure the maximum size of the user namespace configured by keep-id. Closes: containers#24837 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libpod
that referenced
this issue
Dec 20, 2024
Introduce a new option "size" to configure the maximum size of the user namespace configured by keep-id. Closes: containers#24837 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
great, that is quite easy to add. Opened a PR: |
giuseppe
added a commit
to giuseppe/libpod
that referenced
this issue
Dec 20, 2024
Introduce a new option "size" to configure the maximum size of the user namespace configured by keep-id. Closes: containers#24837 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libpod
that referenced
this issue
Dec 20, 2024
Introduce a new option "size" to configure the maximum size of the user namespace configured by keep-id. Closes: containers#24837 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libpod
that referenced
this issue
Jan 7, 2025
Introduce a new option "size" to configure the maximum size of the user namespace configured by keep-id. Closes: containers#24837 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libpod
that referenced
this issue
Jan 8, 2025
Introduce a new option "size" to configure the maximum size of the user namespace configured by keep-id. Closes: containers#24837 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Honny1
pushed a commit
to Honny1/podman
that referenced
this issue
Jan 13, 2025
Introduce a new option "size" to configure the maximum size of the user namespace configured by keep-id. Closes: containers#24837 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
FedeDP
pushed a commit
to FedeDP/podman
that referenced
this issue
Jan 20, 2025
Introduce a new option "size" to configure the maximum size of the user namespace configured by keep-id. Closes: containers#24837 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Feature request description
Currently you have to pick between using userns=auto for every container you have or being able to keep-id which is useful for development containers. I'm hitting this issue with distrobox for example.
Using the following flag gets a working result:
Suggest potential solution
podman never promises the UID range in nomap or keep-id. Maybe these could use auto by default, or by a configuration flag?
Have you considered any alternatives?
The application using podman could instead be changed to use =auto. In my case I modified distrobox. However there's no way for distrobox to know whether to use =auto or =keep-id, especially since using the wrong one may affect other containers running on the machine.
Additional context
Using =auto has a significant security boost, it would be nice to have this as a rootless user.
The text was updated successfully, but these errors were encountered: