[pve-devel] [PATCH container v2 0/2] oci create: honor `User` from OCI image config
Filip Schauer
f.schauer at proxmox.com
Wed Jan 21 17:00:16 CET 2026
Honor a custom user and group specified for the entrypoint via the OCI
image config `User` field instead of ignoring it.

This requires the following patch for LXC in order to work properly:
https://github.com/lxc/lxc/pull/4626

With these patches applied, docker.io/weblate/weblate starts with the
correct uid and groups instead of the default uid=0(root) gid=0(root)
groups=0(root).

Changes since v1:
* Move OCI User resolving code to separate sub
* chomp $line before interpreting fields
* Prevent rootfs escape when following /etc/passwd & /etc/group symlinks
* Fix $username search in get_supplementary_groups

Filip Schauer (2):
  config: add `lxc.init.uid`/`gid`/`groups` keys
  oci create: honor User from OCI image config

src/PVE/LXC/Config.pm | 3 ++
src/PVE/LXC/Create.pm | 82 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 85 insertions(+)
--
2.47.3
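
The resolution this cover letter describes, as an added example that is not the patch's Perl code and not part of the original message: an OCI `User` value is mapped to uid, gid and supplementary groups from the image's own /etc/passwd and /etc/group, with symlinks followed inside the rootfs only. The function names, the symlink limit of 40 and the rule that supplementary groups come from /etc/group membership are assumptions made for the example.

```python
import os

def resolve_in_rootfs(rootfs, path, max_links=40):
    """Resolve path as the container would see it, never leaving rootfs."""
    todo = [p for p in path.split("/") if p not in ("", ".")]
    done, links = [], 0
    while todo:
        part = todo.pop(0)
        cand = os.path.join(rootfs, *done, part)
        if part == "..":
            done = done[:-1]      # ".." at the root stays at the root
        elif not os.path.islink(cand):
            done.append(part)
        elif (links := links + 1) > max_links:
            raise OSError("too many levels of symbolic links")
        else:
            target = os.readlink(cand)
            if target.startswith("/"):
                done = []         # absolute target restarts at rootfs, not host /
            todo = [p for p in target.split("/") if p not in ("", ".")] + todo
    return os.path.join(rootfs, *done)

def read_db(rootfs, name):
    """Rows of <rootfs>/etc/<name> with at least 4 fields and a numeric id."""
    try:
        with open(resolve_in_rootfs(rootfs, "etc/" + name)) as fh:
            rows = [line.rstrip("\n").split(":") for line in fh]  # strip newline first
    except OSError:
        return []                 # missing file: only numeric ids can resolve
    return [r for r in rows if len(r) >= 4 and r[2].isdigit()]

def lookup(rows, key):
    """Find a row by name or numeric id; a bare number needs no entry."""
    row = next((r for r in rows if key in (r[0], r[2])), None)
    if row is None and not key.isdigit():
        raise LookupError(f"cannot resolve {key!r}")
    return (int(row[2]) if row else int(key)), row

def resolve_oci_user(rootfs, user):
    """Map an OCI `User` value to (uid, gid, supplementary gids)."""
    uname, _, gname = user.partition(":")
    uid, prow = lookup(read_db(rootfs, "passwd"), uname)
    groups = read_db(rootfs, "group")
    gid = lookup(groups, gname)[0] if gname else 0
    if not gname and prow and prow[3].isdigit():
        gid = int(prow[3])        # primary group from the passwd entry
    name = prow[0] if prow else uname
    extra = sorted(int(g[2]) for g in groups if name in g[3].split(","))
    return uid, gid, extra
```

A symlink such as etc/group -> ../../group_host resolves to a path under the rootfs, so a file of that name on the host is never read.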