opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #25106 from Fak3/patch-1

Browse Source 
docs: mount.md - idmapped mounts only work for root user
This commit is contained in:
openshift-merge-bot[bot]
2025-01-27 11:36:09 +00:00
committed by GitHub
parent 3b6c7665b9 016f41ab49
commit c76c13f179
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/source/markdown/options/mount.md
View File

@ -31,6 +31,7 @@ Options specific to type=**volume**:
- *U*, *chown*: *true* or *false* (default if unspecified: *false*). Recursively change the owner and group of the source volume based on the UID and GID of the container. - *U*, *chown*: *true* or *false* (default if unspecified: *false*). Recursively change the owner and group of the source volume based on the UID and GID of the container.
- *idmap*: If specified, create an idmapped mount to the target user namespace in the container. - *idmap*: If specified, create an idmapped mount to the target user namespace in the container.
The idmap option is only supported by Podman in rootful mode. The Linux kernel does not allow the use of idmaped file systems for unprivileged users.
The idmap option supports a custom mapping that can be different than the user namespace used by the container. The idmap option supports a custom mapping that can be different than the user namespace used by the container.
The mapping can be specified after the idmap option like: `idmap=uids=0-1-10#10-11-10;gids=0-100-10`. For each triplet, the first value is the The mapping can be specified after the idmap option like: `idmap=uids=0-1-10#10-11-10;gids=0-100-10`. For each triplet, the first value is the
start of the backing file system IDs that are mapped to the second value on the host. The length of this mapping is given in the third value. start of the backing file system IDs that are mapped to the second value on the host. The length of this mapping is given in the third value.
@ -53,7 +54,7 @@ Options specific to **bind** and **glob**:
- *relabel*: *shared*, *private*. - *relabel*: *shared*, *private*.
- *idmap*: *true* or *false* (default if unspecified: *false*). If true, create an idmapped mount to the target user namespace in the container. - *idmap*: *true* or *false* (default if unspecified: *false*). If true, create an idmapped mount to the target user namespace in the container. The idmap option is only supported by Podman in rootful mode.
- *U*, *chown*: *true* or *false* (default if unspecified: *false*). Recursively change the owner and group of the source volume based on the UID and GID of the container. - *U*, *chown*: *true* or *false* (default if unspecified: *false*). Recursively change the owner and group of the source volume based on the UID and GID of the container.