by zamalek
894 days ago
With the default Docker installation, root in a container is root on the host. uid 1234 is uid 1234 on the host. With Podman (and Docker rootless), subuids/subgids[1] are _usually_ used. Root in the container is root only within the Linux user namespace. You can map users to real users, including yourself and root - which is how distrobox works, but it's secure by default: your subordinate users can't even access your resources. The primary limitation of rootless is networking, the kernel doesn't have a built-in way to do rootless networking in the way that you want for containers.

[1]: https://www.man7.org/linux/man-pages/man5/subuid.5.html
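To make the mapping the comment describes concrete, here is an added example (not from the comment author or from Podman/Docker) that applies a uid_map table in the format the kernel exposes in /proc/&lt;pid&gt;/uid_map to a container uid. Both tables are constructed: an identity map as a default Docker container sees it, and a rootless map for a hypothetical host user with uid 1000 and an /etc/subuid entry of alice:100000:65536.

```python
"""Translate a uid inside a container to the host uid via a uid_map table.

Each line of /proc/<pid>/uid_map (and gid_map) reads
"<inside-start> <outside-start> <count>". The tables below are constructed
samples for illustration, not captured from a real system.
"""

# Constructed: the identity map a default (non-rootless) Docker container sees.
DOCKER_DEFAULT_UID_MAP = "0 0 4294967295\n"

# Constructed: a rootless Podman map for host user uid 1000 whose
# /etc/subuid entry is "alice:100000:65536".
ROOTLESS_UID_MAP = "0 1000 1\n1 100000 65536\n"


def parse_uid_map(text):
    """Parse uid_map text into a list of (inside_start, outside_start, count)."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError("malformed uid_map line: %r" % line)
        inside, outside, count = (int(f) for f in fields)
        ranges.append((inside, outside, count))
    return ranges


def container_uid_to_host(uid, uid_map_text):
    """Return the host uid that container uid `uid` really acts as, or None
    when the uid is unmapped (the kernel then shows the overflow uid, 65534)."""
    for inside, outside, count in parse_uid_map(uid_map_text):
        if inside <= uid < inside + count:
            return outside + (uid - inside)
    return None


def is_real_root(uid_map_text):
    """True when uid 0 in the namespace is uid 0 on the host."""
    return container_uid_to_host(0, uid_map_text) == 0


if __name__ == "__main__":
    for label, table in (("docker default", DOCKER_DEFAULT_UID_MAP),
                         ("rootless", ROOTLESS_UID_MAP)):
        print(label, "root ->", container_uid_to_host(0, table),
              "| uid 1234 ->", container_uid_to_host(1234, table))
```

Running `cat /proc/self/uid_map` inside a container and feeding it to `is_real_root` is a quick check of which of the two situations you are in.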