Support multiple uid/gid mappings [1/2] #10307
Open
+265
−49
Enhance user namespace implementation to support multi-entry uid/gid mappings.

This is the 1st patch (out of 2) that supports multiple entries of uid/gid configurations. This patch focuses on the "slow" path that requires `chown` on every file in the root FS. uidmapped mounts implementation will be covered in a separate PR.

This implementation has changes in the following areas:

- `IdentityMapping` implementation from `idtools` package in Moby.
- `--uidmap, --gidmap` options in `ctr run` command.
- `chown`

A sample command to run a container with remapped `foo` user:

I hope the implementation makes sense and I'm looking forward to your feedback :)
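An added example, not code from this PR or from Moby's `idtools`: a sketch of the container-to-host ID translation that a multi-entry mapping needs before each `chown` on the slow path, with the checks that keep a bad mapping from assigning files to the wrong host owner. The `IDMap` type, `Validate`, `ToHost` and the sample mapping are hypothetical names and values constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// IDMap is one mapping entry (hypothetical type): container IDs
// [ContainerID, ContainerID+Size) map to host IDs [HostID, HostID+Size).
type IDMap struct{ ContainerID, HostID, Size uint32 }

var ErrUnmapped = errors.New("id has no mapping entry")

func overlap(a, an, b, bn uint32) bool {
	return uint64(a) < uint64(b)+uint64(bn) && uint64(b) < uint64(a)+uint64(an)
}

// Validate rejects empty entries, ranges that run past the 32-bit ID space,
// and entries whose container-side or host-side ranges overlap.
func Validate(maps []IDMap) error {
	for i, m := range maps {
		if m.Size == 0 || uint64(m.ContainerID)+uint64(m.Size) > 1<<32 ||
			uint64(m.HostID)+uint64(m.Size) > 1<<32 {
			return fmt.Errorf("entry %d: empty or out-of-range", i)
		}
		for j, p := range maps[:i] {
			if overlap(m.ContainerID, m.Size, p.ContainerID, p.Size) ||
				overlap(m.HostID, m.Size, p.HostID, p.Size) {
				return fmt.Errorf("entries %d and %d overlap", j, i)
			}
		}
	}
	return nil
}

// ToHost returns the host ID a file owned by container ID id must be chowned to.
func ToHost(id uint32, maps []IDMap) (uint32, error) {
	for _, m := range maps {
		if id >= m.ContainerID && id-m.ContainerID < m.Size {
			return m.HostID + (id - m.ContainerID), nil
		}
	}
	return 0, fmt.Errorf("container id %d: %w", id, ErrUnmapped)
}

func main() {
	maps := []IDMap{{0, 100000, 1000}, {1000, 5000, 1}} // constructed sample
	fmt.Println(Validate(maps))
	fmt.Println(ToHost(1000, maps))
}
```

An ID that falls outside every entry is returned as an error rather than a default owner, so a file with an unmapped owner fails the remap instead of silently landing on host ID 0.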