tests/docker: Specify --userns keep-id for Podman
Previously we were always specifying -u $(UID) to match the UID in the
container with one outside. This causes a problem with rootless Podman.

Rootless Podman remaps user IDs in the container to ones controllable
for the current user outside. The -u option instructs Podman to use
a specified UID in the container but does not affect the UID remapping.
Therefore, the UID in the container can be remapped to some other UID
outside the container. This can make the access to bind-mounted volumes
fail because the remapped UID mismatches with the owner of the
directories.

Replace -u $(UID) with --userns keep-id, which fixes the UID remapping.
This change is limited to Podman because Docker does not support
--userns keep-id.

Signed-off-by: Akihiko Odaki <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Alex Bennée <[email protected]>
Message-Id: <[email protected]>
akihikodaki authored and stsquad committed Jul 5, 2024
1 parent f5fcc64 commit aa8246d
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion tests/docker/Makefile.include
@@ -207,7 +207,12 @@ docker-run: docker-qemu-src
$(call quiet-command, \
$(RUNC) run \
--rm \
$(if $(NOUSER),,-u $(UID)) \
$(if $(NOUSER),, \
$(if $(filter docker,$(RUNC)), \
-u $(UID), \
--userns keep-id \
) \
) \
--security-opt seccomp=unconfined \
$(if $(DEBUG),-ti,) \
$(if $(NETWORK),$(if $(subst $(NETWORK),,1),--net=$(NETWORK)),--net=none) \
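
Review bot: The inner test `$(if $(filter docker,$(RUNC)), -u $(UID), --userns keep-id)` selects `--userns keep-id` for every RUNC value that is not the exact word `docker`, while the commit message says the change is limited to Podman. Because `filter` matches whole words only, any other spelling of the runtime would fall into the Podman branch and receive an option the message says Docker does not support. Consider inverting the test so that Podman is the special case, for example `$(if $(filter podman,$(RUNC)),--userns keep-id,-u $(UID))`, and add a one-line comment in the Makefile explaining why the two runtimes need different options, since the reason is otherwise only recorded in the commit message.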
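
The remapping described in the commit message, worked through as an added example (not part of the commit or of QEMU's code). The host UID 1000 and the subordinate range 100000:65536 are constructed values, and `keep_id_map` is a simplified model of the map layout, assumed here for illustration.

```python
"""Model of user-namespace UID translation for rootless containers.

Each map entry is (inside_start, outside_start, count), the same triple
format the kernel exposes in /proc/<pid>/uid_map.
"""

def to_host(uid_map, container_uid):
    """Host UID that a container UID is translated to, or None if unmapped."""
    for inside, outside, count in uid_map:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return None

def to_container(uid_map, host_uid):
    """Container UID under which a host-owned file appears, or None if unmapped."""
    for inside, outside, count in uid_map:
        if outside <= host_uid < outside + count:
            return inside + (host_uid - outside)
    return None

def default_rootless_map(host_uid, sub_start, sub_count):
    # Container root is the invoking user; container UIDs 1.. come from
    # the user's subordinate UID range.
    return [(0, host_uid, 1), (1, sub_start, sub_count)]

def keep_id_map(host_uid, sub_start, sub_count):
    # Assumed layout: the invoking user's UID maps to itself and the
    # other container UIDs are filled from the subordinate range.
    return [(0, sub_start, host_uid),
            (host_uid, host_uid, 1),
            (host_uid + 1, sub_start + host_uid, sub_count - host_uid)]

def owner_matches(uid_map, run_as_uid, dir_owner_host_uid):
    """True when the process UID in the container is the bind mount's owner."""
    return to_host(uid_map, run_as_uid) == dir_owner_host_uid

if __name__ == "__main__":
    HOST_UID, SUB_START, SUB_COUNT = 1000, 100000, 65536  # constructed values
    default = default_rootless_map(HOST_UID, SUB_START, SUB_COUNT)
    keep_id = keep_id_map(HOST_UID, SUB_START, SUB_COUNT)
    # "-u 1000" under the default map lands on a subordinate UID on the host.
    print("-u 1000, default map ->", to_host(default, HOST_UID))
    print("keep-id              ->", to_host(keep_id, HOST_UID))
    print("owner match, default :", owner_matches(default, HOST_UID, HOST_UID))
    print("owner match, keep-id :", owner_matches(keep_id, HOST_UID, HOST_UID))
```
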
