Permission denied when using userns-remap and writing to a directory mounted from the host

Hi Danilo,

Belated answer but hopefully it will help.

When you configure Docker's /etc/docker/daemon.json file with {"userns-remap": "test"}, Docker will not map root in the container to user test in the host as you are expecting. It will map root in the container to the first user-ID from within the subid range for user test, as found in /etc/subuid and /etc/subgid.

In your case it happens to be user-ID 165536 on the host.

This implies that in order for root in the container to be able to write to a bind-mounted directory, the bind-mounted directory must be owned by user-ID 165536 on the host.

FYI, I recently founded a company called Nestybox, which has developed a container runtime (aka runc) that enables Docker to launch containers that always use exclusive userns mappings per container, yet support bind-mounts into the container without requiring that you modify permissions on the bind mount source.

If this sounds interesting, the software is free to download as we are looking for adopters.

Hope this helps!
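To make the mapping above concrete, here is an added shell example (not from the original post, and not Nestybox code) that reads a subuid/subgid-style range for the remap user, computes the host id that container root lands on, and checks whether a bind-mount source directory is owned by that id. The /etc/subuid and /etc/subgid contents are constructed samples, and the helper also covers non-root container ids, which the post does not discuss.

```shell
#!/bin/sh
# Constructed sample contents of /etc/subuid and /etc/subgid (not from a real host).
SUBUID_SAMPLE='alice:100000:65536
test:165536:65536'
SUBGID_SAMPLE='alice:100000:65536
test:165536:65536'

# Print the start of <user>'s subordinate range from subuid/subgid-style text; fail if absent.
# Usage: range_start <user> <text>
range_start() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $2; found = 1; exit } END { exit !found }'
}

# Print the host id that id <n> inside the container maps to (container root is 0).
# Generalizing to non-root container ids is our assumption; the post only covers root.
# Usage: host_id <remap_user> <n> <text>
host_id() {
    start=$(range_start "$1" "$3") || return 1
    echo $((start + $2))
}

# Numeric owner uid / gid of a path (ls -n works on both GNU and BSD ls).
owner_uid() { ls -ldn "$1" | awk '{ print $3 }'; }
owner_gid() { ls -ldn "$1" | awk '{ print $4 }'; }

# Return 0 if <dir> is owned by the host uid:gid that container root maps to;
# otherwise print the chown that would align ownership and return 1.
# Usage: check_bind_mount <dir> <remap_user> [subuid_text] [subgid_text]
check_bind_mount() {
    dir=$1; user=$2
    want_uid=$(host_id "$user" 0 "${3:-$(cat /etc/subuid)}") || return 2
    want_gid=$(host_id "$user" 0 "${4:-$(cat /etc/subgid)}") || return 2
    have_uid=$(owner_uid "$dir"); have_gid=$(owner_gid "$dir")
    if [ "$have_uid" = "$want_uid" ] && [ "$have_gid" = "$want_gid" ]; then
        echo "$dir is owned by $want_uid:$want_gid; container root can write to it"
        return 0
    fi
    echo "$dir is owned by $have_uid:$have_gid but container root maps to $want_uid:$want_gid"
    echo "fix: sudo chown $want_uid:$want_gid $dir"
    return 1
}

# Stand-alone run against the constructed sample: root in a container of remap user "test".
host_id test 0 "$SUBUID_SAMPLE"   # prints 165536
```

Run it against a real host by calling `check_bind_mount /path/to/dir test` with no sample text, so it reads /etc/subuid and /etc/subgid directly.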