[pve-devel] [PATCH container 0/2] oci create: honor `User` from OCI image config
Maximiliano Sandoval
m.sandoval at proxmox.com
Tue Dec 16 13:03:46 CET 2025
Filip Schauer <f.schauer at proxmox.com> writes:
> Honor a custom user and group specified for the entrypoint via the OCI
> image config `User` field instead of ignoring it.
>
> This requires the following patch for LXC in order to work properly:
> https://github.com/lxc/lxc/pull/4626
>
> With these patches applied, docker.io/weblate/weblate starts with the
> correct uid and groups instead of the default uid=0(root) gid=0(root)
> groups=0(root).

I tested this patch together with the patch for LXC, and it allows running
containers where the entry point is expected to run as a given user.

One thing that came up during testing (that was already discussed
offlist) is that mount points should inherit the uid:gid if the
directory already exists in the container image.

Tested-by: Maximiliano Sandoval <m.sandoval at proxmox.com>
--
Maximiliano