Sharing files with rootless containers
Hi,
So, I know that rootless creates a new user namespace, but is there a way to share files between rootless containers and the outside system "while maintaining permissions"? For instance, both working on a shared storage area. I know I can do chmod ugo+rwx file, but is it possible to keep the permissions across the two boundaries? For instance, if a file is owned by root outside, root in the rootless container has rw access; if the file is owned by user 1000, then, of course, only both root and 1000 can rw the file, and so on. I'm running rootlesskit via docker - latest release of both.
> For instance, if a file is owned by root outside, root in the rootless container has rw access
No, if this was possible it’s a security issue
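The ownership translation behind the reply above, as an added example that is not part of the original thread: it parses a user-namespace `uid_map` and shows which owner a host file appears to have inside the rootless namespace. The map contents (host UID 1000 starting the daemon, a subordinate range beginning at 100000) and all function names are assumptions constructed for illustration.

```python
# Kernel default for IDs with no mapping (see /proc/sys/kernel/overflowuid).
OVERFLOW_UID = 65534

# Constructed sample of /proc/<pid>/uid_map for a rootless daemon started by
# host UID 1000 with an assumed /etc/subuid entry "user:100000:65536".
# Columns: first ID inside the namespace, first ID outside, range length.
SAMPLE_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""

def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, length) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges

def host_to_container(uid, ranges):
    """Map a host UID into the namespace, or None if it has no mapping."""
    for inside, outside, length in ranges:
        if outside <= uid < outside + length:
            return inside + (uid - outside)
    return None

def container_to_host(uid, ranges):
    """Map a namespace UID back to the host UID that backs it."""
    for inside, outside, length in ranges:
        if inside <= uid < inside + length:
            return outside + (uid - inside)
    return None

def owner_seen_inside(host_uid, ranges):
    """Owner UID that stat() reports inside the namespace for a host file."""
    mapped = host_to_container(host_uid, ranges)
    return OVERFLOW_UID if mapped is None else mapped

if __name__ == "__main__":
    ranges = parse_uid_map(SAMPLE_UID_MAP)
    for host_uid in (0, 1000, 100999):
        print(f"host uid {host_uid} -> inside uid {owner_seen_inside(host_uid, ranges)}")
    print(f"container uid 1000 -> host uid {container_to_host(1000, ranges)}")
```

With this map, files owned by host root have no mapping and show up as the overflow UID, while container UID 1000 is backed by a different host UID than host user 1000.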
Hi Akihiro,
Yes, I understand that with rootless, we do not want a rootless container's "root" user to access the "real root" areas on the host. The situation we have is that the host Docker daemon runs as root and we're running rootless on top of this. There are other "regular" containers on the host running as root or some other users creating files that we would like our rootless containers to have access to. The shared area in question is actually a mount point where all containers are interacting -- it is not a location on the actual host system area containing host system files etc. What is the best approach for dealing with this situation?