-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shared mounts with UID/GID mapping #12154
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Comments
openshift-ci
bot
added
the
kind/feature
Categorizes issue or PR as related to a new feature.
label
Nov 1, 2021
Potentially something like this could be done with the shifting file system, but we don't use that yet. @giuseppe WDYT? |
yes, I think this can be achieved with idmapped mounts. We will need to make it explicit though, with a new option |
also, this should happen in the OCI runtime, which is currently not possible because the runtime-specs miss this feature |
giuseppe
added a commit
to giuseppe/libpod
that referenced
this issue
Nov 18, 2021
pass down the "idmap" mount option to the OCI runtime. Needs: containers/crun#780 Closes: containers#12154 [NO NEW TESTS NEEDED] there is no crun version yet that support the new feature. Test case (must run as root): podman run --rm -v foo:/foo alpine touch /foo/bar podman run --uidmap 0:1:1000 --rm -v foo:/foo:idmap alpine ls -l /foo total 0 -rw-r--r-- 1 root root 0 Nov 15 14:01 bar Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
github-actions
bot
added
the
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
label
Sep 21, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind feature
Description
We are running multiple rootfull containers with
--uidmap
&--gidmap
, each with disjoint ranges from other containers. Overtime the goal is to migrate to fully rootless containers and I think the issue also applies there.The problem we want to solve is that we want to be able to mount the same directory into multiple containers and let each of them use it as if the owners are all within their namespace. I.e. the mount should have a thin layer that fakes UID/GID of the file owners for each container, but the actual files are not duplicated, I believe something similar is done with container image files when starting the container?
Ideally this would be an option to
--volume
, similar toU
, but that does not modify the host filesystem.Showcasing the wanted behavior with commands:
The current behavior is that the
ls
in the container will show IDs 65534.The text was updated successfully, but these errors were encountered: