On Wed, Mar 3, 2021 at 4:15 PM Roberto Ragusa <m...@robertoragusa.it> wrote:
> On 2/25/21 10:43 AM, Emond Papegaaij wrote:
> > We are hardening our services and would like to run postfix as a
> > non-root user. All our primary services, including postfix, run as
> > docker containers.
>
> If you are inside a container, can't you just run the container
> unprivileged?
> The software will think it is root in the container but
> at the host level it is just a standard user.
>
> Actually you can have root and some users in the container,
> they all map to different normal users on the host.
> Definitely doable with podman, no experience with docker.

As far as I understand it, this is what rootless docker does. It also
uses subuid. We will be investigating that in the future. However, this
is a bit harder to set up.

Best regards,
Emond