Closed sondermc closed 2 years ago
This is working as expected. You are not root, you are just root within the user namespace. If you look at the content of your homedir while in unshare, you should notice all the files in your homedir are owned by root; if you exit the unshare, then they will be owned by you again. This is just the user namespace faking that you are root.
https://opensource.com/article/18/12/podman-and-user-namespaces
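The mapping described in the comment above, as an added example that is not part of the original thread or Podman's own code: it parses the kernel's `uid_map` format and shows that uid 0 inside the namespace is the invoking user's own uid on the host. The sample map and the 100000:65536 subordinate range are constructed assumptions.

```python
# Added illustration; the map below is constructed sample data, not from the thread.
OVERFLOW_ID = 65534  # kernel default for /proc/sys/kernel/overflowuid and overflowgid

# Constructed /proc/self/uid_map content for a rootless session of host uid 1000
# with an assumed /etc/subuid range of 100000:65536.
# Columns: inside-start  outside-start  count
SAMPLE_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""

def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside_start, outside_start, count) tuples."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        extents.append(tuple(int(f) for f in fields))
    return extents

def to_host(ns_id, extents):
    """Translate an ID seen inside the namespace to the host ID; None if unmapped."""
    for inside, outside, count in extents:
        if inside <= ns_id < inside + count:
            return outside + (ns_id - inside)
    return None

def to_namespace(host_id, extents):
    """Translate a host ID to what the namespace shows; unmapped IDs show as the overflow ID."""
    for inside, outside, count in extents:
        if outside <= host_id < outside + count:
            return inside + (host_id - outside)
    return OVERFLOW_ID

if __name__ == "__main__":
    extents = parse_id_map(SAMPLE_UID_MAP)
    print("namespace uid 0 is host uid", to_host(0, extents))
    print("host uid 0 appears inside as", to_namespace(0, extents))
    try:
        with open("/proc/self/uid_map") as f:  # Linux only
            print("this process:", parse_id_map(f.read()))
    except OSError:
        pass
```

The same lookup against `gid_map` accounts for the `65534(nobody)` entry in the `id` output of the report: supplementary groups with no mapping are displayed as the overflow ID.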
Aha. Confirmed. I cannot do real 'root' tasks. That scared the s*$t out of me. Thanks!
@sondermc for future reference, we do appreciate the issue report, but if you have one in the future for Podman, please report the issue against the Podman GitHub repo instead. This repo is used for the podman.io blog site and has a lot fewer Podman maintainers monitoring this repo.
Hello community,
I have been using this great tool for years, but now I bumped into a horrible situation which I didn't notice before. I run Fedora 35 and installed podman from the Fedora repositories. I was playing around with the mounting of volumes as an unprivileged user. Here is the snippet of my experience.
```
[foo@bar ~]$ id
uid=1000(foo) gid=1000(foo) groups=1000(foo),10(wheel),107(qemu),977(wireshark),985(libvirt) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[foo@bar ~]$ cd workspace/fedora/podman/
[foo@bar podman]$ podman unshare
[root@bar podman]# id
uid=0(root) gid=0(root) groups=0(root),65534(nobody) context=unconfined_u:system_r:container_runtime_t:s0-s0:c0.c1023
[root@bar podman]# exit
exit
[foo@bar podman]$ podman --version
podman version 3.4.4
[foo@bar podman]$ uname -a
Linux bar 5.16.16-200.fc35.x86_64 #1 SMP PREEMPT Sat Mar 19 13:52:41 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```
So I gained root (uid=0) privileges by running 'podman unshare'. I really don't know if there are other distros out there reacting the same. I thought this one was too important, so I created a ticket right away. If you need more info, I'm more than willing to help.
Kind Regards, Chris