When enabling user namespacing, following the instructions at Isolate containers with a user namespace, the actual results differ from what the documentation states.
- Verify that a namespaced directory exists within /var/lib/docker/ named with the UID and GID of the namespaced user, owned by that UID and GID, and not group-or-world-readable. Some of the subdirectories are still owned by root and have different permissions.
Actual results are that the directory is created with different ownership. On my installations, it is owned by root:docker. This issue was brought up previously (#1259) but was closed on the basis that Docker was functioning as intended. The author attempted to focus on the fact that the "as intended" behavior differs from the documentation, and one of the collaborators agreed that the documentation should be updated.
That ticket was not re-opened, however, and it doesn't seem like any of the comments after its original closure have generated any activity. Indeed, 5 years later, the documentation still differs from actual behavior.
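To make the documented expectation concrete, here is an added audit script (not from the issue, the Docker docs, or the Docker project) that checks the remapped-root directory under the Docker data root against the documented ownership and permission rule. It assumes GNU coreutils (`stat -c`), a remapped user named `dockremap`, and that the directory is named `<uid>.<gid>` from the first subordinate ranges in `/etc/subuid` and `/etc/subgid`; the paths can be overridden for testing.

```shell
#!/bin/sh
# Added example: audit the userns-remap directory that dockerd creates under its data
# root against what the documentation says (owned by the subordinate UID:GID, not
# group- or world-readable). Assumes GNU coreutils and a "dockremap" user.

# first_sub_id USER FILE: first subordinate id start for USER in a subuid/subgid file.
first_sub_id() {
  awk -F: -v u="$1" '$1 == u { print $2; exit }' "$2"
}

# check_ns_dir DIR UID GID: returns 0 only if DIR is owned by UID:GID and has no
# group or other read bit; prints one finding per mismatch.
check_ns_dir() {
  dir=$1; want_uid=$2; want_gid=$3
  [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
  owner=$(stat -c '%u' "$dir")
  group=$(stat -c '%g' "$dir")
  perm=$(ls -ld "$dir" | cut -c1-10)    # e.g. drwx------
  status=0
  [ "$owner" = "$want_uid" ] || { echo "OWNER $dir: uid $owner, expected $want_uid"; status=1; }
  [ "$group" = "$want_gid" ] || { echo "GROUP $dir: gid $group, expected $want_gid"; status=1; }
  case $perm in
    # 5th char is the group read bit, 8th char is the other read bit
    ????r*|???????r*) echo "PERM $dir: $perm is group- or world-readable"; status=1 ;;
  esac
  [ "$status" -eq 0 ] && echo "OK $dir ($owner:$group $perm)"
  return "$status"
}

# audit_docker_userns [DOCKER_ROOT] [SUBUID_FILE] [SUBGID_FILE]: locate the
# dockremap ranges and check the "<uid>.<gid>" directory under the data root.
audit_docker_userns() {
  root=${1:-/var/lib/docker}
  uid=$(first_sub_id dockremap "${2:-/etc/subuid}")
  gid=$(first_sub_id dockremap "${3:-/etc/subgid}")
  [ -n "$uid" ] && [ -n "$gid" ] || { echo "no dockremap entry in subuid/subgid"; return 2; }
  check_ns_dir "$root/$uid.$gid" "$uid" "$gid"
}
```

Run `audit_docker_userns` as root on a host with `userns-remap` enabled; a `root:docker` owner like the one reported above shows up as OWNER and GROUP findings.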