Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Groups do not seem to be getting assigned by default in rootless mode versus rootful mode. #7782

Closed
rhatdan opened this issue Sep 25, 2020 · 3 comments · Fixed by #7871
Closed

Groups do not seem to be getting assigned by default in rootless mode versus rootful mode. #7782

rhatdan opened this issue Sep 25, 2020 · 3 comments · Fixed by #7871
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@rhatdan
Copy link
Member

rhatdan commented Sep 25, 2020
edited
Loading

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

$ podman (pullpolicy) $ sudo podman run --rm alpine id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
$ podman (pullpolicy) $ podman run --rm alpine id
uid=0(root) gid=0(root)
@openshift-ci-robot openshift-ci-robot added kind/bug Categorizes issue or PR as related to a bug. kind/feature Categorizes issue or PR as related to a new feature. labels Sep 25, 2020
@rhatdan
Copy link
Member Author

rhatdan commented Sep 25, 2020

@giuseppe @mheon @vrothberg Ideas?

@mheon mheon removed the kind/feature Categorizes issue or PR as related to a new feature. label Sep 25, 2020
@rhatdan rhatdan mentioned this issue Sep 25, 2020
Merged
@giuseppe
Copy link
Member

we are not setting additional gids for rootless: https://github.com/containers/podman/blob/master/libpod/container_internal_linux.go#L417-L422

I think the reason is that it won't work when there are no multiple gids available, or not enough to cover all the additional gids

@rhatdan
Copy link
Member Author

rhatdan commented Sep 30, 2020

You are saying that if the range of GIDs is not mapped into the user namespace? If so should we make this smarter and allow it to check the range of UIDs and make sure they will work and not blow up the container, then warn about missing gids.

@rhatdan rhatdan mentioned this issue Oct 1, 2020
Merged
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add additionalGIDs from users in rootless mode rhatdan/podman
4 participants
@giuseppe @rhatdan @mheon @openshift-ci-robot