I'm getting started with running Docker 20.10.14 in rootless mode on Linux Mint 20 (based on Ubuntu 20.04). I've created a user named dockerd for this, UID 127 (with group dockerd, GID 139) and added the following to both /etc/subuid and /etc/subgid
dockerd:200000:65536
Now, inside a Docker container run by this dockerd user I create a file on the host file system (via a bind-mounted directory).
- If I create it as UID 1000 in the container it maps to user 200999 on the host.
- If I create it as UID 1 (user
daemon) in the container it has UID 200000 on the host. - If I create it as UID 0 (user
root) in the container it has UID 127 on the host.
So it appears that the sub-UID/sub-GID bindings are "1-based" and do not include UID 0. Is this how it's supposed to work or am I doing something wrong? Shouldn't I be able to map the root user in the container to as UID of my choice on the host? If so, how do I do that?
From https://unix.stackexchange.com/a/397168/107961
dockremap:165536:65536165536 is the system UID to start the UID mapping at (Which will be UID 0 in the container)
... it sounds like the first UID in the mapping should map to UID 0, but that's not what I'm seeing.
Another weird thing is that a file owner by UID 0 on the host is owned by UID 65534 (nobody) in the container. Is that supposed to happen?
