Docker Community Forums

Bind mounting permissions with USER broken using rootless docker

I want to bind mount a directory running as the same user inside the container as on the host. I also need to run using a rootless dockerd.

Running under regular docker daemon

Everything works fine.
user rohan:rohan uid/gid = 1000 on both host and container

rohan@host:~$ sudo docker run -it -w /home/rohan -u rohan:rohan \
  -v /home/rohan/foo:/home/rohan/foo  myimage
rohan@1561e2978b6b:~$ ls -ld foo && touch foo/bar
drwxrwxr-x 9 rohan rohan 4096 Jan 29 04:12 foo/ 
rohan@1561e2978b6b:~$

Running under rootless docker daemon

Mounted files show up as root.
user rohan:rohan uid/gid = 1000 on both host and container
/etc/subuid and /etc/subgid have rohan:100000:65536

rohan@host:~$ docker run -it -w /home/rohan -u rohan:rohan \
  -v /home/rohan/foo:/home/rohan/foo  myimage
rohan@8c1da912d7e8:~$ ls -ld foo && touch foo/bar
drwxrwxr-x 9 root root 4096 Jan 29 04:12 foo/ 
touch: cannot touch 'foo/bar': Permission denied
rohan@8c1da912d7e8:~$ sudo chown -R rohan:rohan foo
rohan@8c1da912d7e8:~$ ls -ld foo && touch foo/bar
drwxrwxr-x 9 rohan rohan 4096 Jan 29 04:12 foo/ 
rohan@8c1da912d7e8:~$

(meanwhile in another shell)
rohan@host:~$ ls -ld foo && touch foo/bar
drwxrwxr-x 9 100999 100999 4096 Jan 29 04:12 foo/ 
touch: cannot touch 'foo/bar': Permission denied

Is there something I can do with the daemon configuration or subuid/subgid configuration to make this work as it does in the rooted dockerd scenario?
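The numbers in the two transcripts above follow directly from the user-namespace mapping that rootless dockerd sets up: container uid 0 is mapped to the host user (1000), and container uids 1 and up are mapped onto the subordinate range from /etc/subuid, so container uid 1000 lands on host uid 100000 + 999 = 100999, while host uid 1000 appears as root inside. The following Python is an added worked example (not code from the post or from Docker) that reproduces that arithmetic; the /etc/subuid content and the uid_map layout are constructed from the values in the post, and the function names are my own.

```python
"""Added example: the uid arithmetic behind rootless Docker's bind-mount
ownership, using the values from the post (rohan = uid 1000,
/etc/subuid entry rohan:100000:65536).  Not part of the original post."""
from typing import List, Optional, Tuple

HOST_USER = "rohan"   # from the post
HOST_UID = 1000       # from the post
OVERFLOW_UID = 65534  # Linux default kernel.overflowuid ("nobody") for unmapped ids

# Constructed /etc/subuid content, same layout as the real file.
SUBUID_FILE = """# name:start:count
rohan:100000:65536
"""

def parse_subuid(text: str, user: str) -> List[Tuple[int, int]]:
    """Return the (start, count) subordinate ranges allotted to `user`."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == user:
            ranges.append((int(start), int(count)))
    return ranges

def rootless_uid_map(host_uid: int, ranges: List[Tuple[int, int]]) -> List[Tuple[int, int, int]]:
    """Build the mapping rootless dockerd installs, in /proc/<pid>/uid_map
    order: (container_start, host_start, count).  Container uid 0 is the
    host user; container uids 1.. are laid over the subordinate range(s)."""
    uid_map = [(0, host_uid, 1)]
    next_container_uid = 1
    for start, count in ranges:
        uid_map.append((next_container_uid, start, count))
        next_container_uid += count
    return uid_map

def container_to_host(uid: int, uid_map) -> Optional[int]:
    """Host uid that a file chown'ed to `uid` inside the container gets on disk."""
    for c_start, h_start, count in uid_map:
        if c_start <= uid < c_start + count:
            return h_start + (uid - c_start)
    return None  # container cannot produce this host uid at all

def host_to_container(uid: int, uid_map) -> int:
    """Uid the container sees for a host file owned by `uid`."""
    for c_start, h_start, count in uid_map:
        if h_start <= uid < h_start + count:
            return c_start + (uid - h_start)
    return OVERFLOW_UID  # unmapped host owner shows as nobody/65534 inside

def explain_post() -> dict:
    """Reproduce the three ownership observations from the post."""
    uid_map = rootless_uid_map(HOST_UID, parse_subuid(SUBUID_FILE, HOST_USER))
    return {
        # host dir owned by rohan (1000) -> 'ls' inside shows root (0)
        "host_1000_seen_inside_as": host_to_container(HOST_UID, uid_map),
        # 'chown rohan' (1000) inside -> host sees 100999
        "inside_1000_lands_on_host": container_to_host(1000, uid_map),
        # running as root inside the container writes as rohan on the host
        "inside_root_lands_on_host": container_to_host(0, uid_map),
        # a host file owned by real root is unmapped: appears as nobody inside
        "host_root_seen_inside_as": host_to_container(0, uid_map),
    }

if __name__ == "__main__":
    for k, v in explain_post().items():
        print(f"{k}: {v}")
```

Reading the result: with this mapping, only container uid 0 writes as the host user, which is why `-u rohan:rohan` under rootless dockerd sees the bind mount as root-owned and why the in-container `chown` turned the host directory over to uid 100999. Any fix has to line up the two sides of that table (either the container-side uid that is used or the host-side ownership of the mounted directory); the arithmetic above tells you which host uid a given container uid corresponds to before you change ownership of anything.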