Score:0

Why is rootless docker still running as root inside container?

From testuser, a non-root, non-sudo account, I have installed rootless Docker following the instructions here (Ubuntu without package).

When I start a container and go inside it by running docker exec -it my_container bash and then check whoami, I get root instead of testuser. In addition, files and folders which are named volumes owned by testuser are not mounted and owned by root. The Docker daemon is running as testuser since I am running that daemon from systemctl --user.

This is quite confusing.

  1. Why is the docker not running as root inside the container?
  2. Why are the mounted volumes all of a sudden with a different ownership?

I checked this answer here, but it notes that when the daemon is running as root - that's normal, however that's not the case with my rootless setup.

Score:0
This is because the container is running under a different user namespace. root (0) in the container is probably mapped to your user ID on the host.

https://docs.docker.com/engine/security/userns-remap/
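
The mapping this answer describes can be read from /proc/self/uid_map, where each line is "ID inside the namespace, ID outside, length". The following is an added example, not part of the original thread or of Docker's code; the host UID 1000 for testuser and the subuid range 100000:65536 are assumed values, and the sample map is constructed.

```python
"""Translate UIDs across a user namespace using the /proc/<pid>/uid_map format."""

# Kernel default shown for IDs that have no mapping (/proc/sys/kernel/overflowuid).
OVERFLOW_UID = 65534

# Constructed sample: what `cat /proc/self/uid_map` might show inside a rootless
# container when testuser is host UID 1000 with subuid range 100000:65536 (assumed).
SAMPLE_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""


def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, length) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges


def to_host(ranges, container_uid):
    """Host UID behind a UID seen inside the namespace, or None if unmapped."""
    for inside, outside, length in ranges:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def to_container(ranges, host_uid):
    """UID a host-owned file shows inside the namespace; unmapped IDs show as overflow."""
    for inside, outside, length in ranges:
        if outside <= host_uid < outside + length:
            return inside + (host_uid - outside)
    return OVERFLOW_UID


if __name__ == "__main__":
    ranges = parse_uid_map(SAMPLE_UID_MAP)
    print("container root (0) on host:      ", to_host(ranges, 0))
    print("host testuser (1000) in container:", to_container(ranges, 1000))
    print("container UID 33 on host:         ", to_host(ranges, 33))
    print("host root (0) in container:       ", to_container(ranges, 0))
```

With this map, whoami reports root inside the container while the process is testuser on the host, and a volume owned by testuser on the host is listed as owned by root inside the container.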
