Rootless Docker + Unprivileged user Bind Mounts

Hello everyone,

is it possible to have an external volume attached under different permissions than root:root?

I’m running a rootless docker instance, where the service inside the container needs to persist some data. Naturally, I’d use a volume for that, however, volumes are mounted under root:root perms, meaning the service running under a different, unprivileged, user does not have rw access to it.

It’s not possible to change the perms during build-time as the directory gets overlayed by the mount, and can’t change them on runtime as the service starts unprivileged.

Already tried creating a directory inside the mount on the host, with the same UID:GID as the user inside the container, but no, even that dir gets chown’d to root:root.

Only other solution I can think of is starting the container as root, chowning the mount, then su to the unprivileged user to run the service.