--userns=keep-id:uid=1001,gid=0: container create failed (no logs from conmon) #22078

Closed
reenberg opened this issue Mar 18, 2024 · 1 comment · Fixed by #22080
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

reenberg commented Mar 18, 2024

Issue Description

I'm trying to spin up a VS Code DevContainer using a UBI9/python-311 image, which is set up to use a user with UID 1001 and GID 0.
I have gotten it to work by mapping it to root inside the container, but I really would like to have it running as UID 1001. For this I'm adding --userns="keep-id:uid=1001,gid=1001" as runArgs, which seems to work flawlessly, except for the fact that the GID doesn't match the user's GID inside the container, so when files are created inside the DevContainer they get the wrong GID outside (wrong not being my local user's default GID).

I would expect that I could run the DevContainer with --userns="keep-id:uid=1001,gid=0" and have everything working as expected, however Podman fails with an error when I try to do this. It seems like the same parsing error happens if I try to set uid to 0 in the above.

I am explicitly using the keep-id feature, as I don't know the UID of everyone who is going to use this, so --uidmap and --gidmap are not easily usable in this scenario.

Steps to reproduce the issue

  1. podman run --rm -it --userns=keep-id:uid=1001,gid=0 registry.access.redhat.com/ubi9/python-311:latest bash

Describe the results you received

Podman errored with the following:

Error: container create failed (no logs from conmon): conmon bytes "": readObjectStart: expect { or n, but found , error found in #0 byte of ...||..., bigger context ...||...

Describe the results you expected

That the container starts with GID 0 mapped to 0 such that it matches my default group outside the container.
Something like the following (hopefully I have calculated the numbers correctly below):

$ podman run --rm -it --userns=keep-id:uid=1001,gid=0 registry.access.redhat.com/ubi9/python-311:latest cat /proc/self/gid_map
         0          0          1
         1          1      65536

podman info output

$ podman version 
Client:       Podman Engine
Version:      4.9.4-dev
API Version:  4.9.4-dev
Go Version:   go1.21.7 (Red Hat 1.21.7-1.module_el8+960+4060efbe)
Built:        Wed Feb 21 18:03:29 2024
OS/Arch:      linux/amd64

Running on CentOS Stream 8



### Podman in a container

No

### Privileged Or Rootless

Rootless

### Upstream Latest Release

Yes

### Additional environment details

_No response_

### Additional information

_No response_
@reenberg reenberg added the kind/bug Categorizes issue or PR as related to a bug. label Mar 18, 2024
@giuseppe
Member

opened a PR: #22080

giuseppe added a commit to giuseppe/libpod that referenced this issue Mar 18, 2024
do not generate a duplicated range when --userns=keep-id:uid=0 or
--userns=keep-id:gid=0 are used.

Closes: containers#22078

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@stale-locking-app stale-locking-app bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Jun 19, 2024
@stale-locking-app stale-locking-app bot locked as resolved and limited conversation to collaborators Jun 19, 2024
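
Added example (not Podman's code and not part of the issue thread): a simplified Go model of a keep-id style mapping that shows why target ID 0 is an edge case, since the range of container IDs below the target becomes empty. The names `keepIDMap`, `validate` and `overlap` and the 65536 subordinate-ID count are assumptions for illustration; with target 0 the result matches the gid_map the reporter expected.

```go
package main

import "fmt"

// IDMap is one uid_map/gid_map line: container ID, parent-namespace ID, length.
type IDMap struct{ Container, Parent, Size int }

// keepIDMap maps container ID target to the invoking user (ID 0 in the
// rootless parent namespace) and places subIDs subordinate IDs (parent IDs
// 1..subIDs) around it. skipEmpty=false always emits the leading range,
// the naive construction that breaks at target 0.
func keepIDMap(target, subIDs int, skipEmpty bool) []IDMap {
	below := target // number of container IDs under target
	if below > subIDs {
		below = subIDs
	}
	var m []IDMap
	if below > 0 || !skipEmpty {
		m = append(m, IDMap{0, 1, below})
	}
	m = append(m, IDMap{target, 0, 1})
	if subIDs > target {
		m = append(m, IDMap{target + 1, target + 1, subIDs - target})
	}
	return m
}

func overlap(s1, n1, s2, n2 int) bool { return s1 < s2+n2 && s2 < s1+n1 }

// validate mirrors the kernel's checks on a written map: no empty extent
// and no two extents overlapping on the container or the parent side.
func validate(m []IDMap) error {
	for i, a := range m {
		if a.Size <= 0 {
			return fmt.Errorf("extent %d (%v) is empty", i, a)
		}
		for _, b := range m[:i] {
			if overlap(a.Container, a.Size, b.Container, b.Size) ||
				overlap(a.Parent, a.Size, b.Parent, b.Size) {
				return fmt.Errorf("extents %v and %v overlap", b, a)
			}
		}
	}
	return nil
}

func main() {
	for _, id := range []int{1001, 0} { // constructed sample targets
		fmt.Println(id, keepIDMap(id, 65536, true), validate(keepIDMap(id, 65536, false)))
	}
}
```

Running the same `validate` over a generated map before handing it to the runtime turns an opaque create failure into a specific error about the offending extent.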