On a Tuesday in 2023, Daniel P. Berrangé wrote:
> On Tue, Sep 12, 2023 at 04:05:04PM +0200, Ján Tomko wrote:
> > On a Monday in 2023, Daniel P. Berrangé wrote:
> > > I would expect libvirt to "do the right thing" and automatically load
> > > the /etc/subuid data for the current user and NOT require any extra
> > > XML mapping to be set for unprivileged usage.
> > >
> > So, by default libvirt would assume that unprivileged
> > accessmode='passthrough' means "use the whole range for my user
> > from /etc/subuid"?
> >
> > Podman treats /etc/subuid as a pool and chooses a 64K range that is
> > (to its knowledge) unused. I'm undecided whether that would also be
> > a reasonable option for a default.
>
> I thought podman simply used the entry that is in /etc/subuid as is:

D'oh. Right. By default it uses --userns=host, which behaves as you describe.
What I described is --userns=auto behavior, suggested in the bug discussion:
https://bugzilla.redhat.com/show_bug.cgi?id=2034630#c8

Jano

> $ grep $LOGNAME /etc/subuid
> berrange:165536:65536
> $ podman run -it centos:stream9 cat /proc/self/uid_map
> 0 1001 1
> 1 165536 65536
>
> Maps "root" to my original unpriv login UID, and maps everything
> else to the 64k IDs reserved in /etc/subuid
>
> With regards,
> Daniel
> --
> |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o- https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
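An added example, not part of the thread and not libvirt or podman code: it rebuilds the uid_map shown in the quoted output from the quoted /etc/subuid entry and translates IDs inside the namespace to host IDs, which is what decides who owns files written through the mapping. The function names, the second /etc/subuid line and the packing of several ranges from ID 1 upward are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Extent(NamedTuple):
    inside: int   # first ID as seen inside the user namespace
    outside: int  # first ID as seen on the host
    count: int    # number of consecutive IDs covered

# First line is the entry quoted in the thread; second line is constructed.
SUBUID = "berrange:165536:65536\nother:231072:65536\n"
# uid_map content quoted in the thread.
UID_MAP = "0 1001 1\n1 165536 65536\n"

def parse_subuid(text: str, user: str) -> list[tuple[int, int]]:
    """Return the (start, count) ranges that /etc/subuid delegates to user."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == user:
            ranges.append((int(start), int(count)))
    return ranges

def rootless_map(login_uid: int, ranges: list[tuple[int, int]]) -> list[Extent]:
    """Map ID 0 to the login UID, then pack subordinate ranges from ID 1."""
    extents = [Extent(0, login_uid, 1)]
    next_inside = 1
    for start, count in ranges:
        extents.append(Extent(next_inside, start, count))
        next_inside += count
    return extents

def parse_uid_map(text: str) -> list[Extent]:
    """Parse /proc/<pid>/uid_map lines: inside-start outside-start count."""
    return [Extent(*map(int, l.split())) for l in text.splitlines() if l.strip()]

def to_host(extents: list[Extent], inside_id: int) -> Optional[int]:
    """Translate an in-namespace ID to the host ID, or None if unmapped."""
    for e in extents:
        if e.inside <= inside_id < e.inside + e.count:
            return e.outside + (inside_id - e.inside)
    return None

if __name__ == "__main__":
    m = rootless_map(1001, parse_subuid(SUBUID, "berrange"))
    for uid in (0, 1, 1000, 65536, 65537):
        print(uid, "->", to_host(m, uid))
```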