zwift icon indicating copy to clipboard operation
zwift copied to clipboard

Published 20 hours ago verified publisher icon netbrain

Podman UID and GID

Open netbrain opened this issue 9 months ago • 1 comments

Investigate why uid and gid mapping is problematic when using gosu as introduced in #94 and fixed for podman in #102

netbrain avatar Apr 29 '24 05:04 netbrain

@hobeone @perrin4869

Added this issue to see if we can solve it in a different manner in the future, so that docker and podman can be more aligned with eachother so they share the same exeution path.

netbrain avatar Apr 29 '24 05:04 netbrain

I finally had time to spend digging into the difference between docker and podman.

Podman takes a different (and on first blush - technically better) approach to starting containers and eschewing root privileges. This makes the security model different - e.g. the container never gets root privs and so all of the sudo & gosu things we do for docker in #94 aren't necessary. I think the solution that @perrin4869 added in #102 is correct but doesn't let you run as arbitrary UID/GID. That's probably fine for the zwift use case.

Within the container it may look like it's running as root but outside it will be mapped to the user that started it. @perrin4869 is that when you see when you run it?

podman exec -it zwift-$USER ps guaxww | grep Zwift

vs

ps guaxww | grep Zwift

I think this issue can be closed out. wdyt?

hobeone avatar May 05 '24 09:05 hobeone

Agreed 👍

netbrain avatar May 05 '24 11:05 netbrain