Open andreiborisov opened 4 years ago
Isn't this what fsGroup and fsGroupChangePolicy are for?
(https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod and https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods)
@tianon thanks, yeah, that would be a proper solution in the context of k8s, however, it would be still useful to have this sorted using only Docker.
For example, we are also using the same images with docker-compose for testing, development containers, etc.
I have a k8s pod consisting of an app container and a dind container and want to share the dind volumes to the app container. It would be nice to create a folder in the dind-rootless image for that (/home/rootless/data perhaps? /home/rootless/volumes?).
As of now, I need to build another image from dind-rootless to make permissions work across images since there is no way to set up permissions during the volume mount (I'm using a non-root user on the app container as well):
Not a huge deal, however, it seems like a common use-case and perhaps it's reasonable to include in the dind-rootless image itself.
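The fsGroup approach suggested in this thread, sketched as a pod manifest. This is an added example, not part of the original discussion or the project's own configuration. The pod name, the app image, the UIDs/GID and the app-side mount path are assumptions; /home/rootless/data is the path proposed in the issue.

```yaml
# Added example: a volume shared between dind-rootless and a non-root app container.
# Names, UIDs/GIDs and the app mount path are assumptions, not values from the thread.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-dind                     # hypothetical name
spec:
  securityContext:
    fsGroup: 1000                         # assumed GID of the rootless user in dind-rootless
    fsGroupChangePolicy: OnRootMismatch   # skip the recursive ownership change when the volume root already matches
  volumes:
    - name: shared-data
      emptyDir: {}
  containers:
    - name: dind
      image: docker:dind-rootless
      securityContext:
        privileged: true                  # assumed: dind-rootless run in privileged mode
        runAsUser: 1000                   # assumed UID of the rootless user
      volumeMounts:
        - name: shared-data
          mountPath: /home/rootless/data  # path proposed in the issue
    - name: app
      image: registry.example/app:latest  # hypothetical image
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001                  # assumed non-root UID, deliberately different from dind's
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: shared-data
          mountPath: /data                # assumed mount path in the app container
```

With fsGroup set at the pod level, the kubelet makes the volume group-owned by GID 1000 and adds that GID as a supplemental group to every container in the pod, so the two containers can share the directory even though they run as different UIDs.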