Open giuseppe opened 4 months ago
to follow what Kubernetes does upstream, then we need to enforce idmap on each volume when hostUsers: false is used
But idmap only works as root with the right filesystems? So what should podman do if idmap is not available?
Yes, idmap works only with root.
Not sure how this should be handled. Is it better to not follow what Kubernetes does in this case?
Maybe we could expect idmap to be an explicit option for the volume
Not sure but it would be confusing to have different behaviour depending on system and root vs rootless.
Setting mount options explicitly should already work AFAIK although not sure how the syntax looks today. Also for my understanding is hostUsers: false mapped to --userns=auto?
From my perspective, as a simple user, I think it probably should work like Kubernetes if the right conditions are met. The criteria should be defined in the documentation. Then it's clear for everyone. I don't think it needs to support all the different edge cases.
Discussed in https://github.com/containers/podman/discussions/22848