We want to use Docker with user namespaces so that files created in the Docker container are owned by the correct host user.
OS: CentOS 7.7
What we have done so far:
- enabling user namespaces in the kernel with
sudo grubby --args="namespace.unpriv_enable=1 user_namespace.enable=1" --update-kernel=/boot/vmlinuz-3.10.0-1062.el7.x86_64
- setting max_user_namespace with
sudo su -c 'echo "user.max_user_namespaces=15064" > /etc/sysctl.d/00-namespaces.conf'
- rebooting the machine
The daemon.json looks like:
{
    "insecure-registries": [ "xxx" ],
    "registry-mirrors": [ "xxx" ],
    "userns-remap": "myuser"
}
The sub-IDs also exist:
/etc/subgid → myuser:165536:65536
/etc/subuid → myuser:165536:65536
In /var/lib/docker/ we also see:
drwx--x--- 13 root 165536 167 Jan 14 11:43 165536.165536
When running docker run hello-world, everything works as expected.
Running docker run --rm -it -v /home/myuser/test:/test/ -it busybox
ends in the following error:
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: rootfs_linux.go:76: mounting "/home/myuser/test" to rootfs at "/test" caused: stat /home/myuser/test: permission denied: unknown.
Why does that happen and how can we solve that?