Merge pull request #10139 from rhatdan/troubleshoot

[CI:DOCS] Add troubleshooting advice about the --userns option.

1 files changed, 9 insertions, 1 deletions

diff --git a/troubleshooting.md b/troubleshooting.md
index c5c592a8e..1e21edab4 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -23,7 +23,7 @@ touch: cannot touch '/content/file': Permission denied
 
 #### Solution
 
-This is usually caused by SELinux.
+This is sometimes caused by SELinux, and sometimes by user namespaces.
 
 Labeling systems like SELinux require that proper labels are placed on volume
 content mounted into a container. Without a label, the security system might
@@ -47,6 +47,14 @@ will disable SELinux separation for the container.
 
 $ podman run --security-opt label=disable -v ~:/home/user fedora touch /home/user/file
 
+In cases where the container image runs as a specific, non-root user, though, the
+solution is to fix the user namespace.  This would include container images such as
+the Jupyter Notebook image (which runs as "jovyan") and the Postgres image (which runs
+as "postgres").  In either case, use the `--userns` switch to map user namespaces,
+most of the time by using keep_id option.
+
+$ podman run -v "$PWD":/home/jovyan/work --userns=keep_id jupyter/scipy-notebook
+
 ---
 ### 3) No such image or Bare keys cannot contain ':'