author OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2021-12-23 13:46:10 +0100
committer GitHub <noreply@github.com> 2021-12-23 13:46:10 +0100
commit a7f1c05366c86a05e247049f8837b4aadc54fc50
tree 6174754c7853455b2b75bc20ac935374bea4c32c /docs
parent fbdfd55e2d58484edd2e56b85f50086746e80314
parent cb4f498e4fa310a4d54859083cf48e7a04948464
Merge pull request #12692 from giuseppe/fix-additional-ids-doc
[CI:DOCS] docs: document rootless userns mappings
Diffstat (limited to 'docs')
-rw-r--r-- docs/source/markdown/podman-create.1.md 10
-rw-r--r-- docs/source/markdown/podman-run.1.md 11
2 files changed, 21 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index c8f1ec3a5..eeed49185 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -1142,10 +1142,20 @@ If for example _amount_ is **5** the second mapping step would look like:
| _from_uid_ + 3 | _container_uid_ + 3 |
| _from_uid_ + 4 | _container_uid_ + 4 |
+The current user ID is mapped to UID=0 in the rootless user namespace.
+Every additional range is added sequentially afterward:
+
+| host |rootless user namespace | length |
+| - | - | - |
+| $UID | 0 | 1 |
+| 1 | $FIRST_RANGE_ID | $FIRST_RANGE_LENGTH |
+| 1+$FIRST_RANGE_LENGTH | $SECOND_RANGE_ID | $SECOND_RANGE_LENGTH|
+
Even if a user does not have any subordinate UIDs in _/etc/subuid_,
**--uidmap** could still be used to map the normal UID of the user to a
container UID by running `podman create --uidmap $container_uid:0:1 --user $container_uid ...`.
+
#### **--ulimit**=*option*
Ulimit options
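Review bot: The added text in podman-create.1.md starts at "The current user ID is mapped to UID=0 in the rootless user namespace." and then refers to "Every additional range" without saying which ranges are meant. The matching hunk for podman-run.1.md opens with "When running as rootless, Podman will use all the ranges configured in the _/etc/subuid_ file."; add that sentence here as well so the two pages read the same. The blank line added just before `#### **--ulimit**` is unrelated to the mapping text, so keep it only if the heading needs it to render.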
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 55642d5b3..48f7295fd 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -1216,6 +1216,17 @@ If for example _amount_ is **5** the second mapping step would look like:
| _from_uid_ + 3 | _container_uid_ + 3 |
| _from_uid_ + 4 | _container_uid_ + 4 |
+When running as rootless, Podman will use all the ranges configured in the _/etc/subuid_ file.
+
+The current user ID is mapped to UID=0 in the rootless user namespace.
+Every additional range is added sequentially afterward:
+
+| host |rootless user namespace | length |
+| - | - | - |
+| $UID | 0 | 1 |
+| 1 | $FIRST_RANGE_ID | $FIRST_RANGE_LENGTH |
+| 1+$FIRST_RANGE_LENGTH | $SECOND_RANGE_ID | $SECOND_RANGE_LENGTH|
+
Even if a user does not have any subordinate UIDs in _/etc/subuid_,
**--uidmap** could still be used to map the normal UID of the user to a
container UID by running `podman run --uidmap $container_uid:0:1 --user $container_uid ...`.
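Review bot: In the added table, rows two and three look transposed relative to row one. `| $UID | 0 | 1 |` puts the host ID under "host" and the namespace ID under "rootless user namespace", but `| 1 | $FIRST_RANGE_ID | $FIRST_RANGE_LENGTH |` puts the sequential ID (1, then 1+$FIRST_RANGE_LENGTH) under "host" and the range start under "rootless user namespace". If $FIRST_RANGE_ID is the start of the first range read from _/etc/subuid_, as the sentence added above the table suggests, it belongs in the host column, so swap the first two cells in those rows. The text should also say what $FIRST_RANGE_ID and $SECOND_RANGE_ID stand for, since neither is defined in the added lines. The same table is added to podman-create.1.md.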