Allow mixing userns=auto and userns=keep-id #24837
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
Jookia
added
the
kind/feature
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature request description
Currently you have to pick between using userns=auto for every container you have or being able to keep-id which is useful for development containers. I'm hitting this issue with distrobox for example.
Using the following flag gets a working result:
Suggest potential solution
podman never promises the UID range in nomap or keep-id. Maybe these could use auto by default, or by a configuration flag?
Have you considered any alternatives?
The application using podman could instead be changed to use =auto. In my case I modified distrobox. However there's no way for distrobox to know whether to use =auto or =keep-id, especially since using the wrong one may affect other containers running on the machine.
Additional context
Using =auto has a significant security boost, it would be nice to have this as a rootless user.
The text was updated successfully, but these errors were encountered: