ansible · shatakshiiii · Apr 22, 2026 · Apr 21, 2026 · Apr 22, 2026 · Apr 22, 2026
@@ -39,4 +39,5 @@ skopeo
 unmarshal
 unmarshalling
 urandom
+userdel
 userns
@@ -12,6 +12,8 @@ components:
       env:
         - name: "ANSIBLE_COLLECTIONS_PATH"
           value: "~/.ansible/collections:/usr/share/ansible/collections:/projects/ansible-devspaces-demo/collections"
+        - name: "ADT_CONTAINER_ENGINE"
+          value: "podman"
 commands:
   - id: molecule-create
     exec:

@@ -16,7 +16,8 @@ RUN --mount=type=bind,target=. --mount=type=cache,dst=/var/cache/dnf --mount=typ
 
 ENV BUILDAH_ISOLATION=chroot
 
-USER 10001
+# Reflect the UID that the SCC will force the workspace to run as.
+USER 1000
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["tail", "-f", "/dev/null"]
@@ -49,6 +49,19 @@ setcap cap_setuid+ep /usr/bin/newuidmap
 setcap cap_setgid+ep /usr/bin/newgidmap
 touch /etc/subgid /etc/subuid
 chown 0:0 /etc/subgid /etc/subuid
+# Remove the base image entries for user
+if id user >/dev/null 2>&1
+then
+  userdel user
+  # Add the user with the UID that the SCC will enforce
+  if ! useradd -u 1000 -G wheel,root -d /home/user --shell /bin/bash -m user; then
+    echo "ERROR: Failed to create user with UID 1000" >&2
+    exit 1
+  fi
+  usermod -L user
+  chmod 400 /etc/shadow
+  chown -R user /home/user
+fi
 
 if [[ "${ENABLE_NOPASSWD_SUDO:-false}" == "true" ]]; then
     echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/wheel-nopasswd
-Original file line number
+Diff line change
@@ Expand Up / @@ -39,4 +39,5 @@ skopeo @@
     unmarshal
     unmarshalling
     urandom
+    userdel
     userns