Ayush Ranjan
Ayush Ranjan
Ah whoops! I forgot the "internal safe review approval" thing. @derpsteb could you rebase and fix the merge conflicts and I will get this merged.
I have fixed it up in #10234. Will submit that.
Urgh that is blocked on an internal test breakage... If it is urgent, I can bypass those breakages and submit.
We probably need more than just the title to investigate. Logs, reproducer, etc.
Adding to what @avagin said: so if you remove this part from your config.json: ``` "user": { "uid": 1000, "gid": 1000 }, ``` OR set the user to `0` then...
`runsc` and `runc` are low level container runtimes. `podman` is a tool on top of these runtimes. So if you want podman's `--userns=keep-id` behavior, you can directly use podman **with**...
> But as we setup a 1000:1000 userns map, this will cause a invalid argument error. This is reasonable as we are 1000 user in the current user ns so...
Let me look into this. It may be an issue with the function you pointed out (`syncUsernsForRootless()`). The gofer and sandbox processes are started in a new userns with complete...
Yeah this seems like an issue in runsc. For rootless containers, we currently only support running the non-root user as root inside the container's user namespace. This covers the common...
Awesome! I think I had missed the `Inheritable: caps` part. Uh I unfortunately don't have cycles right now, but have put this on my TODO list. If someone else wants...