From 09d2c46b2179f84f7c619cf52aa94bafc63572aa Mon Sep 17 00:00:00 2001
From: Debarshi Ray
Date: Tue, 3 Nov 2020 22:02:02 +0100
Subject: [PATCH] cmd/create: Use the host's user namespace when running as root

One of the biggest advantages of running as root is the ability to have all the UIDs from the host operating system mapped into the container by using the host's user namespace. This can be a big help when faced with permission problems.

https://github.com/containers/toolbox/issues/267
---
 src/cmd/create.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/cmd/create.go b/src/cmd/create.go
index bbdc4747f..4f5573352 100644
--- a/src/cmd/create.go
+++ b/src/cmd/create.go
@@ -227,6 +227,13 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 ulimitHost = []string{"--ulimit", "host"}
 }

+ var usernsArg string
+ if currentUser.Uid == "0" {
+ usernsArg = "host"
+ } else {
+ usernsArg = "keep-id"
+ }
+
 dbusSystemSocket, err := getDBusSystemSocket()
 if err != nil {
 return err
@@ -376,7 +383,7 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 createArgs = append(createArgs, ulimitHost...)

 createArgs = append(createArgs, []string{
- "--userns=keep-id",
+ "--userns", usernsArg,
 "--user", "root:root",
 "--volume", "/boot:/run/host/boot:rslave",
 "--volume", "/etc:/run/host/etc",
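Review bot: The `usernsArg = "host"` branch in the first hunk carries no comment on what it gives up: with `--userns host` there is no UID remapping, so the `--user root:root` process started by the argument list in the second hunk is the host's real root, and the visible `/boot` and `/etc` volumes are mounted without a read-only option. I would add a comment above the `if`, for example `// As root, share the host's user namespace so every host UID is mapped; container root is then host root, so this container is not an isolation boundary.` The check reads `currentUser`, which is set outside the hunk; presumably it holds the real UID, and that is worth confirming if the binary can ever run with a different effective UID. createContainer's body starts and ends outside both hunks.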