From 166149b12dfb855393b434a02c2ecf034b97f8ad Mon Sep 17 00:00:00 2001 From: Josh Berkus Date: Fri, 19 Mar 2021 13:25:34 -0700 Subject: Add troubleshooting advice about the --userns option. Also a link to the troubleshooting guide into the issue template. Replaces: https://github.com/containers/podman/pull/9770 Signed-off-by: Josh Berkus Signed-off-by: Daniel J Walsh --- .github/ISSUE_TEMPLATE.md | 3 ++- troubleshooting.md | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 1a7153848..b8ba48819 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -67,7 +67,8 @@ Briefly describe the problem you are having in a few paragraphs. (paste your output here) ``` -**Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?** +**Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)** + Yes/No diff --git a/troubleshooting.md b/troubleshooting.md index 077e342cd..93ff56c3e 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -23,7 +23,7 @@ touch: cannot touch '/content/file': Permission denied #### Solution -This is usually caused by SELinux. +This is sometimes caused by SELinux, and sometimes by user namespaces. Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might 
@@ -47,6 +47,14 @@ will disable SELinux separation for the container. $ podman run --security-opt label=disable -v ~:/home/user fedora touch /home/user/file +In cases where the container image runs as a specific, non-root user, though, the +solution is to fix the user namespace. This would include container images such as +the Jupyter Notebook image (which runs as "jovyan") and the Postgres image (which runs +as "postgres"). In either case, use the `--userns` switch to map user namespaces, +most of the time by using keep_id option. + +$ podman run -v "$PWD":/home/jovyan/work --userns=keep_id jupyter/scipy-notebook + --- ### 3) No such image or Bare keys cannot contain ':' -- cgit v1.2.3-54-g00ecf
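Review bot: In the `.github/ISSUE_TEMPLATE.md` hunk, the added URL sits inside the `**…**` markers as a bare parenthesised address after the question mark, so it is rendered in bold as part of the question. Consider turning the words "Podman Troubleshooting Guide" into a markdown link to that URL and keeping the question mark at the end of the sentence. The hunk also adds an empty line before "Yes/No" that the commit message does not mention; drop it if it was not intended.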
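Review bot: In the first `troubleshooting.md` hunk (`@@ -23,7 +23,7`), the new sentence "This is sometimes caused by SELinux, and sometimes by user namespaces." gives the reader no way to tell which cause applies, and the paragraph that follows it still only discusses SELinux labels. Suggest stating the distinguishing condition right here, the same one the later hunk relies on: the container image runs as a specific, non-root user.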
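Review bot: In the second `troubleshooting.md` hunk (`@@ -47,6 +47,14`), both the prose and the example command spell the option value `keep_id`, but the `--userns` mode in Podman is `keep-id` with a hyphen, so the example as written will be rejected rather than fixing the permission error. Please change the command to `--userns=keep-id` and the sentence to "by using the `keep-id` option". A short sentence on why the mapping resolves the "Permission denied" case would also help, since the text currently only says to "fix the user namespace".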