So I’m trying to do this Isolate containers with a user namespace | Docker Docs
I’m trying to simply map my local user jove (1000) to the root(0) in the container.
I have added this to the /etc/subgid and subid

jove:1000:1

and I have tried

jove:1000:1
jove:1001:65536

When I run docker-compose up I get this:

ERROR: failed to register layer: ApplyLayer exit status 1 stdout:  stderr: Container ID 44 cannot be mapped to a host ID

Firstly I don’t get what the values in those files actually do other than that the last one says how many from the first one it should use. But how does it tell to map 0 to 1000?
I have googled for this a few hours now and all guides are different, some start at 1000 and some start at 100000 or more.

The docker one says they use

testuser:231072:65536

Is mapped like this

UID 231072 is mapped within the namespace (within the container, in this case) as UID 0 ( root ). UID 231073 is mapped as UID 1 ,

Which makes me even more confused on what decides what is mapped as what.
I have also tried 231072:65536, but they all result in error.
How do you set this up?

I have now tried this

jove:1000:12312365536

And it worked! Now, I would like to know why as I currently don’t know what I have done other than that it worked. Files created as root in the container is now owned by my user jove on the host, success!

Biggest question I have is how 1000 is mapped to 0 in the container as I have only specified 1000. Is the first one always 0? a new line is first line start + count + 1? Or just pure wizardry?