Remco van 't Veer <re...@remworks.net> writes:
> Hi Maxim and Zimoun,
>
> 2023/02/09 13:26, Remco van 't Veer:
>
>> I think I know what is causing the issue. Both the "standard" mysql and
>> postgres containers use user-id 999 to run the database service (this
>> seems like a common practice because the redis container is configured
>> similarly). That user-id is also configured as guixbuilder01 so I guess
>> the guix daemon is killing those processes when it finishes doing
>> builds.
>
> I found a solution / workaround for this problem by using
> "userns-remap". This feature allows the remapping of uids and guids to
> different ranges. I tried it by hacking the required files into my
> etc-directory and it works; guix no longer kills my database containers.
>
> I'd like to add this feature to docker-service-type having a new
> configuration option named enable-userns-remap? which introduces a new
> user and group (both named dockremap) to do the remapping by adding some
> configurable number to the uids and guids of the running container. In
> /etc/subuid and /etc/subgid it would look like:
>
> dockremap:100000:65536
>
> See https://docs.docker.com/engine/security/userns-remap/ for
> documentation about this.
>
> WDYT?
>
> Cheers,
> Remco

The rootless podman example that was shared a few months ago could be
relevant to this, since that also adds a subuid/subgid mapping.
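The uid collision and the remapping discussed in this thread, as an added example that is not part of the original messages and is not Guix or Docker code: it computes the host uid a container process ends up with and lists host accounts sharing it. The passwd entries are constructed; only uid 999 for guixbuilder01 and the `dockremap:100000:65536` line come from the message, and the function names are hypothetical.

```python
# Constructed sample data; only uid 999 for guixbuilder01 and the dockremap
# range come from the message above.
PASSWD = """\
root:x:0:0:System administrator:/root:/bin/sh
guixbuilder01:x:999:30000:Guix build user 01:/var/empty:/sbin/nologin
dockremap:x:980:980:Docker remap user:/var/empty:/sbin/nologin
"""
SUBUID = "dockremap:100000:65536\n"


def parse_subuid(text):
    """Return {name: (start, count)} from 'name:start:count' lines (first range per name)."""
    ranges = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, start, count = line.split(":")
            ranges.setdefault(name, (int(start), int(count)))
    return ranges


def host_uid(container_uid, subuid_text, remap_user=None):
    """Host uid a container process runs as; unchanged when remapping is off."""
    if remap_user is None:
        return container_uid
    start, count = parse_subuid(subuid_text)[remap_user]
    if not 0 <= container_uid < count:
        raise ValueError(f"container uid {container_uid} is outside the mapped range")
    return start + container_uid


def colliding_accounts(container_uid, passwd_text, subuid_text, remap_user=None):
    """Host accounts whose uid equals the uid the container process gets."""
    uid = host_uid(container_uid, subuid_text, remap_user)
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit() and int(fields[2]) == uid:
            names.append(fields[0])
    return names


if __name__ == "__main__":
    print("no remap:", host_uid(999, SUBUID), colliding_accounts(999, PASSWD, SUBUID))
    print("remapped:", host_uid(999, SUBUID, "dockremap"),
          colliding_accounts(999, PASSWD, SUBUID, "dockremap"))
```

The same check can be pointed at a host's real /etc/passwd and /etc/subuid contents to confirm that no local account falls inside the range chosen for remapping.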