From cb4f498e4fa310a4d54859083cf48e7a04948464 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 23 Dec 2021 09:32:33 +0100 Subject: [CI:DOCS] docs: document rootless userns mappings document how the host IDs are mapped inside the rootless user namespace. Closes: https://github.com/containers/podman/issues/12676 Signed-off-by: Giuseppe Scrivano --- docs/source/markdown/podman-create.1.md | 10 ++++++++++ docs/source/markdown/podman-run.1.md | 11 +++++++++++ 2 files changed, 21 insertions(+) (limited to 'docs') diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index c8f1ec3a5..eeed49185 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -1142,10 +1142,20 @@ If for example _amount_ is **5** the second mapping step would look like: | _from_uid_ + 3 | _container_uid_ + 3 | | _from_uid_ + 4 | _container_uid_ + 4 | +The current user ID is mapped to UID=0 in the rootless user namespace. +Every additional range is added sequentially afterward: + +| host |rootless user namespace | length | +| - | - | - | +| $UID | 0 | 1 | +| 1 | $FIRST_RANGE_ID | $FIRST_RANGE_LENGTH | +| 1+$FIRST_RANGE_LENGTH | $SECOND_RANGE_ID | $SECOND_RANGE_LENGTH| + Even if a user does not have any subordinate UIDs in _/etc/subuid_, **--uidmap** could still be used to map the normal UID of the user to a container UID by running `podman create --uidmap $container_uid:0:1 --user $container_uid ...`. + #### **--ulimit**=*option* Ulimit options diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 55642d5b3..48f7295fd 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -1216,6 +1216,17 @@ If for example _amount_ is **5** the second mapping step would look like: | _from_uid_ + 3 | _container_uid_ + 3 | | _from_uid_ + 4 | _container_uid_ + 4 | +When running as rootless, Podman will use all the ranges configured in the _/etc/subuid_ file. + +The current user ID is mapped to UID=0 in the rootless user namespace. +Every additional range is added sequentially afterward: + +| host |rootless user namespace | length | +| - | - | - | +| $UID | 0 | 1 | +| 1 | $FIRST_RANGE_ID | $FIRST_RANGE_LENGTH | +| 1+$FIRST_RANGE_LENGTH | $SECOND_RANGE_ID | $SECOND_RANGE_LENGTH| + Even if a user does not have any subordinate UIDs in _/etc/subuid_, **--uidmap** could still be used to map the normal UID of the user to a container UID by running `podman run --uidmap $container_uid:0:1 --user $container_uid ...`. -- cgit v1.2.3-54-g00ecf