Closed netbrain closed 6 months ago
netbrain
commented
6 months ago @hobeone @perrin4869
Added this issue to see if we can solve it in a different manner in the future, so that docker and podman can be more aligned with eachother so they share the same exeution path.
hobeone
commented
6 months ago I finally had time to spend digging into the difference between docker and podman.
Podman takes a different (and on first blush - technically better) approach to starting containers and eschewing root privileges. This makes the security model different - e.g. the container never gets root privs and so all of the sudo & gosu things we do for docker in #94 aren't necessary. I think the solution that @perrin4869 added in #102 is correct but doesn't let you run as arbitrary UID/GID. That's probably fine for the zwift use case.
Within the container it may look like it's running as root but outside it will be mapped to the user that started it. @perrin4869 is that when you see when you run it?
podman exec -it zwift-$USER ps guaxww | grep Zwift
vs
ps guaxww | grep Zwift
I think this issue can be closed out. wdyt?
netbrain
commented
6 months ago Agreed 👍
Investigate why uid and gid mapping is problematic when using gosu as introduced in #94 and fixed for podman in #102