Sharing images between rootless and root

[sandorex]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind feature

Description

Sharing between root and rootless podman requires running

$ podman save image image.tar
$ sudo podman import image.tar image

Could a feature be added so that they share images or allow pull between rootless and root like

# cause this is ran rootless it will pull from root
$ podman pull podman:image

If pull/push approach has security issues then only root should be able to pull/push images

[rhatdan]

Most likely not, we have talked about this in the past But there are issues with a rootless user sharing content with root. Mainly because the rootless user has the images stored with UIDs based on it's user namespace. The root user has this based on root. If a rootless user attempted to look at a root image, all of the undefined UIDs in the image would look like -1, to the container.

The is a potential to figure out a way to push and pull images from one store to another, via the docker-daemon protocol, now that we are developing it, but we would need a way to bridge the two together, perhaps through sudo.

Nothing is in the works at this point.

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

Status is unchanged.

[rhatdan]

I have been writing a blog on this, which should be published soon.

[rhatdan]

Blog published
https://www.redhat.com/sysadmin/image-stores-podman