Add troubleshooting advice about the --userns option.

Also a link to the troubleshooting guide into the issue template. Replaces: https://github.com/containers/podman/pull/9770 Signed-off-by: Josh Berkus <josh@agliodbs.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-06-23 02:18:13 +08:00 · 2021-03-19 13:25:34 -07:00
parent 2039be00d1
commit 166149b12d
2 changed files with 11 additions and 2 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -67,7 +67,8 @@ Briefly describe the problem you are having in a few paragraphs.
 (paste your output here)
 ```

-**Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?**
+**Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)**
+

 Yes/No

--- a/troubleshooting.md
+++ b/troubleshooting.md
@ -23,7 +23,7 @@ touch: cannot touch '/content/file': Permission denied

 #### Solution

-This is usually caused by SELinux.
+This is sometimes caused by SELinux, and sometimes by user namespaces.

 Labeling systems like SELinux require that proper labels are placed on volume
 content mounted into a container. Without a label, the security system might
@ -47,6 +47,14 @@ will disable SELinux separation for the container.

 $ podman run --security-opt label=disable -v ~:/home/user fedora touch /home/user/file

+In cases where the container image runs as a specific, non-root user, though, the
+solution is to fix the user namespace.  This would include container images such as
+the Jupyter Notebook image (which runs as "jovyan") and the Postgres image (which runs
+as "postgres").  In either case, use the `--userns` switch to map user namespaces,
+most of the time by using keep_id option.
+
+$ podman run -v "$PWD":/home/jovyan/work --userns=keep_id jupyter/scipy-notebook
+
 ---
 ### 3) No such image or Bare keys cannot contain ':'