Bugzilla – Bug 1212118
[crun] "run.oci.keep_original_groups=1" causes "cannot find name for group ID" error
Last modified: 2023-06-07 20:45:33 UTC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Build Identifier:

Podman's `--group-add keep-groups` flag (`run.oci.keep_original_groups=1`) is useful for inheriting $USER's groups inside the container (see https://www.redhat.com/sysadmin/files-devices-podman). This feature requires `crun` instead of `runc` runtime and it works as expected with Tumbleweed when accessing files.

However, since the inherited groups don't actually exist in the container, they're mapped to `nobody` in Fedora while Tumbleweed throws this error:

> $ podman run --group-add keep-groups fedora groups
> root nobody
>
> $ podman run --group-add keep-groups tumbleweed groups
> root 65534
> groups: cannot find name for group ID 65534

I'm not sure if this behavior is designed this way or if we can improve it somehow :)

Reproducible: Always

Steps to Reproduce:
1. $ zypper install crun podman
2. $ podman run --group-add keep-groups tumbleweed groups

Actual Results:
root nobody

Expected Results:
root 65534
groups: cannot find name for group ID 65534

N/A
(FYI: mixed up Actual Results with Expected Results)
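
The two outputs in the report differ only in whether GID 65534 resolves to a name in the container's group database. The Python sketch below is an added example, not part of the original report and not code from podman or crun. It assumes 65534 is the kernel's default overflow GID, and its `/etc/group` snippets and GID list are constructed for illustration rather than taken from either image.

```python
# Added example: resolve numeric GIDs to names the way `groups` reports them.
OVERFLOW_GID = 65534  # kernel default, see /proc/sys/kernel/overflowgid

# Constructed /etc/group contents (not the real files from either image).
GROUP_WITH_NOBODY = "root:x:0:\nnobody:x:65534:\n"
GROUP_WITHOUT_NOBODY = "root:x:0:\n"


def parse_group_file(text):
    """Parse /etc/group-format text into {gid: name}; the first entry wins."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Expect name:password:gid:members; skip comments and malformed lines.
        if len(fields) < 3 or fields[0].startswith("#") or not fields[2].isdigit():
            continue
        table.setdefault(int(fields[2]), fields[0])
    return table


def resolve_groups(gids, group_text):
    """Return (names_or_ids, error_lines, saw_overflow_gid)."""
    table = parse_group_file(group_text)
    shown, errors, seen = [], [], set()
    for gid in gids:
        if gid in seen:  # unmapped host groups all appear as the same GID
            continue
        seen.add(gid)
        name = table.get(gid)
        if name is None:
            shown.append(str(gid))
            errors.append(f"groups: cannot find name for group ID {gid}")
        else:
            shown.append(name)
    return shown, errors, OVERFLOW_GID in seen


if __name__ == "__main__":
    # Constructed getgroups() result: root plus two host groups with no mapping.
    process_gids = [0, 65534, 65534]
    for label, text in (("with nobody entry", GROUP_WITH_NOBODY),
                        ("without nobody entry", GROUP_WITHOUT_NOBODY)):
        shown, errors, overflow = resolve_groups(process_gids, text)
        print(f"{label}: {' '.join(shown)} (overflow GID present: {overflow})")
        for err in errors:
            print(f"  {err}")
```

Inside a real container, the inputs would come from `/proc/self/status` (the `Groups:` line) and the image's `/etc/group`.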