Demo: use the eBPF tool Inspektor Gadget to detect how to set --userns keep-id:uid=$uid,gid=$gid
#20004
eriksjolund
started this conversation in
Show and tell
Demo: use the eBPF tool Inspektor Gadget to detect how to set `--userns keep-id:uid=$uid,gid=$gid`
#20004
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Inspektor Gadget (https://www.inspektor-gadget.io) is an eBPF tool and systems inspection framework.
I used it to trace all
open()system calls in a container directory because I wanted to knowhow to set
$uidand$gidin thepodman runoptionThe use case I'm considering is when a container starts to run as root (
--user 0:0) but later drops privileges and runs as a different user. I would like that non-root user to be mapped to the regular user on the host.The demo can be found here:
https://github.com/eriksjolund/podman-map-uid-docs#example-trace-open-system-calls-in-an-nginx-container-with-inspektor-gadget
Beta Was this translation helpful? Give feedback.
All reactions