aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJosh Berkus <josh@agliodbs.com>2021-03-19 13:25:34 -0700
committerDaniel J Walsh <dwalsh@redhat.com>2021-04-26 17:31:29 -0400
commit166149b12dfb855393b434a02c2ecf034b97f8ad (patch)
tree98451ce99be13144219bcac33df3f56d1b46e3cb
parent2039be00d12afaab84659619c47a463cacb039f5 (diff)
downloadpodman-166149b12dfb855393b434a02c2ecf034b97f8ad.tar.gz
podman-166149b12dfb855393b434a02c2ecf034b97f8ad.tar.bz2
podman-166149b12dfb855393b434a02c2ecf034b97f8ad.zip
Add troubleshooting advice about the --userns option.
Also a link to the troubleshooting guide into the issue template. Replaces: https://github.com/containers/podman/pull/9770 Signed-off-by: Josh Berkus <josh@agliodbs.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--.github/ISSUE_TEMPLATE.md3
-rw-r--r--troubleshooting.md10
2 files changed, 11 insertions, 2 deletions
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index 1a7153848..b8ba48819 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -67,7 +67,8 @@ Briefly describe the problem you are having in a few paragraphs.
(paste your output here)
```
-**Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?**
+**Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)**
+
Yes/No
diff --git a/troubleshooting.md b/troubleshooting.md
index 077e342cd..93ff56c3e 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -23,7 +23,7 @@ touch: cannot touch '/content/file': Permission denied
#### Solution
-This is usually caused by SELinux.
+This is sometimes caused by SELinux, and sometimes by user namespaces.
Labeling systems like SELinux require that proper labels are placed on volume
content mounted into a container. Without a label, the security system might
@@ -47,6 +47,14 @@ will disable SELinux separation for the container.
$ podman run --security-opt label=disable -v ~:/home/user fedora touch /home/user/file
+In cases where the container image runs as a specific, non-root user, though, the
+solution is to fix the user namespace. This would include container images such as
+the Jupyter Notebook image (which runs as "jovyan") and the Postgres image (which runs
+as "postgres"). In either case, use the `--userns` switch to map user namespaces,
+most of the time by using keep_id option.
+
+$ podman run -v "$PWD":/home/jovyan/work --userns=keep_id jupyter/scipy-notebook
+
---
### 3) No such image or Bare keys cannot contain ':'