public/pipglr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix newuidmap...`: newuidmap: open of uid_map failed: Permission denied

Browse Source 
Within a container, caps need to be set on /usr/bin/new{uid,gid}map
which reflect the (inner) podman user's root namespaced ID of 10000.

Signed-off-by: Chris Evich <chris_gitlab@icuc.me>
This commit is contained in:
Chris Evich
2022-12-08 06:52:02 -05:00
parent db6f2bceb9
commit bf242e8a52
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Containerfile
View File

@@ -99,7 +99,9 @@ RUN sed -i -r \
chmod u+s /usr/bin/new{uid,gid}map && \
rm -f /home/podman/.bash* && \
echo DOCKER_HOST="unix:///tmp/podman-run-1000/podman/podman.sock" > /etc/profile.d/podman.sh && \
echo "podman:10000:10000" | tee /etc/subuid > /etc/subgid
echo "podman:10000:10000" | tee /etc/subuid > /etc/subgid && \
setcap -n 10000 cap_setuid+ep /usr/bin/newuidmap && \
setcap -n 10000 cap_setuid+ep /usr/bin/newgidmap
# Runtime rootless-mode configuration
USER podman