User namespacing

I need the ability for a specific unprivileged user to have access to the data in all containers. I’m using overlayfs, and have set the --userns-remap flag on dockerd to the user. All my images are created so that the same user is created within the container (with the same uid), but when I change to the user in the Dockerfile it fails with the following error:

docker: Error response from daemon: invalid header field value "oci runtime error: container_linux.go:247: starting container process caused \"invalid argument\"\n".

If the “USER” instruction is at the very end of the Dockerfile it will successfully create the image, but the above error shows when trying to run a container with the image. If I remove --userns-remap, everything works fine. If I remove the “USER” instruction, the container will boot up but is running as root within the container.

Managed to fix it.

I’d only allowed the host UID for the user to be used in /etc/subuid. Adding another range has solved the issue.
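An added example (not part of the post above) that shows why a single-UID entry in /etc/subuid breaks the USER instruction: it reads an /etc/subuid-style file and reports which host UID a given container UID maps to under --userns-remap. The remap user name "appuser", its host UID 1000, and the two sample files are constructed.

```shell
#!/bin/sh
# Each /etc/subuid line is user:start:count. Docker concatenates the remap
# user's ranges in file order: the first range covers container UIDs
# 0..count1-1, the next covers count1..count1+count2-1, and so on.
# A container UID outside every range cannot be mapped, which is what
# surfaces as "invalid argument" when USER selects such a UID.

# Print the host UID that container UID $1 maps to for remap user $2 in
# subuid file $3; exit 1 (printing nothing) when the UID is unmapped.
subid_host_uid() {
  awk -F: -v u="$2" -v cuid="$1" '
    $1 == u {
      if (cuid < off + $3) { print $2 + (cuid - off); found = 1; exit }
      off += $3
    }
    END { exit found ? 0 : 1 }' "$3"
}

# Human-readable check used for the walk-through below.
report() {
  host=$(subid_host_uid "$1" "$2" "$3") \
    && echo "container uid $1 -> host uid $host" \
    || echo "container uid $1 -> NOT MAPPED (USER $1 will fail)"
}

# Constructed sample files mirroring the post: first only the user's own
# host UID (count 1), then with a second range added.
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
printf 'appuser:1000:1\n' > "$TMPD/subuid.before"
printf 'appuser:1000:1\nappuser:100000:65536\n' > "$TMPD/subuid.after"

# Before: only container root (uid 0) maps, to host uid 1000, so the
# container runs, but only as root. uid 1000 inside is unmappable.
report 0    appuser "$TMPD/subuid.before"
report 1000 appuser "$TMPD/subuid.before"
# After: uid 1000 inside falls in the second range (offset 1), so it maps.
report 0    appuser "$TMPD/subuid.after"
report 1000 appuser "$TMPD/subuid.after"
```

Note that the same layout is needed in /etc/subgid, since dockerd reads both files for the remap user.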