Closed farmerboy95 closed 3 months ago
The problem is actually not related to Docker, I can reproduce it on a normal Linux system.
However, I am not sure what you are trying to achieve. The --as-uid and --as-gid options are typically used only when root is initializing a sandbox on behalf of another user (e.g., in a sandbox management daemon as in the daemon branch). So using it with --run does not make much sense.
Thanks for the quick reply @gollux, I think I understand it now after checking the daemon branch. Since I did not see any example of how to use these 2 options, I thought they could be used with --run.
So you mean that we should only use them in --init?
Yes, it is supposed to be used only with --init as root, while the actual --run is done by the non-root user.
Hello,
I'm using Docker to use isolate (I know it's not supposed to be run in Docker anyway), and I'm trying to use --as-uid and --as-gid options. This is conducted with the latest master branch. So my init is like
Then I tried to run a simple echo command. It looks fine.
Then I created a user with UID 12000, and used it in the 2 options.
I tried to make the output verbose
When I strace it, I found that the setresgid returned an error.
I tried with cgroup (v2) already. The output is the same.
Is there anything I'm missing here? Am I supposed to use those 2 options in Docker? Please note that I'm at root already and this Docker container is run with --privileged
Looking forward to seeing some possible solutions. Thanks a lot guys.