| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-12-23 13:46:10 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-23 13:46:10 +0100 | 
| commit | a7f1c05366c86a05e247049f8837b4aadc54fc50 (patch) | |
| tree | 6174754c7853455b2b75bc20ac935374bea4c32c /docs/source | |
| parent | fbdfd55e2d58484edd2e56b85f50086746e80314 (diff) | |
| parent | cb4f498e4fa310a4d54859083cf48e7a04948464 (diff) | |
Merge pull request #12692 from giuseppe/fix-additional-ids-doc
[CI:DOCS] docs: document rootless userns mappings
Diffstat (limited to 'docs/source')
| -rw-r--r-- | docs/source/markdown/podman-create.1.md | 10 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 11 | 
2 files changed, 21 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index c8f1ec3a5..eeed49185 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -1142,10 +1142,20 @@ If for example _amount_ is **5** the second mapping step would look like:  | _from_uid_ + 3       | _container_uid_ + 3 |  | _from_uid_ + 4       | _container_uid_ + 4 | +The current user ID is mapped to UID=0 in the rootless user namespace. +Every additional range is added sequentially afterward: + +|   host                |rootless user namespace | length              | +| -                     | -                      | -                   | +| $UID                  | 0                      | 1                   | +| 1                     | $FIRST_RANGE_ID        | $FIRST_RANGE_LENGTH | +| 1+$FIRST_RANGE_LENGTH | $SECOND_RANGE_ID       | $SECOND_RANGE_LENGTH| +  Even if a user does not have any subordinate UIDs in  _/etc/subuid_,  **--uidmap** could still be used to map the normal UID of the user to a  container UID by running `podman create --uidmap $container_uid:0:1 --user $container_uid ...`. +  #### **--ulimit**=*option*  Ulimit options diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 55642d5b3..48f7295fd 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md 
@@ -1216,6 +1216,17 @@ If for example _amount_ is **5** the second mapping step would look like:  | _from_uid_ + 3       | _container_uid_ + 3 |  | _from_uid_ + 4       | _container_uid_ + 4 | +When running as rootless, Podman will use all the ranges configured in the _/etc/subuid_ file. + +The current user ID is mapped to UID=0 in the rootless user namespace. +Every additional range is added sequentially afterward: + +|   host                |rootless user namespace | length              | +| -                     | -                      | -                   | +| $UID                  | 0                      | 1                   | +| 1                     | $FIRST_RANGE_ID        | $FIRST_RANGE_LENGTH | +| 1+$FIRST_RANGE_LENGTH | $SECOND_RANGE_ID       | $SECOND_RANGE_LENGTH| +  Even if a user does not have any subordinate UIDs in  _/etc/subuid_,  **--uidmap** could still be used to map the normal UID of the user to a  container UID by running `podman run --uidmap $container_uid:0:1 --user $container_uid ...`.  | 
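Review bot: in the podman-create.1.md hunk, the new table is introduced without the sentence that the podman-run.1.md hunk adds ("When running as rootless, Podman will use all the ranges configured in the _/etc/subuid_ file."), so $FIRST_RANGE_ID and $FIRST_RANGE_LENGTH appear with nothing saying where they come from. Add the same sentence before "The current user ID is mapped to UID=0 in the rootless user namespace." so the two man pages stay in sync. The hunk also adds an empty line just before the `#### **--ulimit**=*option*` heading that looks unintended and can be dropped.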
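Review bot: in the table added to podman-run.1.md, the second and third rows read as inverted relative to the first. Row one puts the host ID ($UID) under "host" and the namespace ID (0) under "rootless user namespace", but the following rows put the sequential IDs 1 and 1+$FIRST_RANGE_LENGTH under "host" and $FIRST_RANGE_ID / $SECOND_RANGE_ID under the namespace column, although the ranges configured in /etc/subuid are host IDs and the text says they are added sequentially after UID 0 inside the namespace. Swap the two cells in those rows so every row reads host ID, then namespace ID, and state that $FIRST_RANGE_ID and $FIRST_RANGE_LENGTH are the start and length fields of the user's first /etc/subuid entry. The same table is added in the podman-create.1.md hunk and needs the same change.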
