
I would like to ensure that any user inside my docker container always maps to a specific user on my docker host. I have tried using this reference https://stackoverflow.com/a/35854547/1020678

The user name in /etc/subuid seems to be used strictly as a key for mapping to the value `<start id>:<range>`, but apart from that it seems to serve no purpose.

What really confuses me is the need for a user in /etc/subuid, when this user doesn't seem to have permission to write to the filesystem when mounting volumes in the docker container.

Having followed the example in the link, I do the following as the user ns1:

$ mkdir test && docker run -ti -v $(pwd)/test:/tmp alpine touch /tmp/foobar

returns: touch: /tmp/foobar: Permission denied

It seems like the user ns1 has no benefits of --userns-remap=ns1, so then why is this user required when enabling user namespaces for ns1-root and ns1-user1? These users can write to the docker volume when permissions are set correctly, but why not ns1?

Is it possible to achieve my goal, or do I have to explicitly define all users/groups both inside and outside my container, using the offset of the start id in /etc/subuid (500000 in the example I linked to)?

asked by jollyroger

0 Answers
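Since the question has no answer, here is an added worked example (not from the question or from Docker's own code) that models what `--userns-remap` does with a `/etc/subuid` line. The subuid table is constructed inline from the `500000` offset in the question, and the host UID of the `ns1` account itself (`1001`) is an assumption. The point it demonstrates: container root becomes host UID `start`, container UID `n` becomes `start + n`, and any host UID outside `[start, start + range)` is unreachable from the container, which is why a directory created by `ns1` (owned by `ns1`'s own UID, not by anything in its subordinate range) is not writable by container root.

```shell
#!/bin/sh
# Added example: arithmetic of a /etc/subuid entry under Docker user-namespace remapping.
# Constructed table; a real host's /etc/subuid will differ.
SUBUID_CONTENT="ns1:500000:65536
ns2:565536:65536"

# subuid_range NAME -> prints "START COUNT" for NAME; exits 1 if NAME has no entry
subuid_range() {
    printf '%s\n' "$SUBUID_CONTENT" \
        | awk -F: -v u="$1" '$1 == u { print $2, $3; found = 1 } END { exit !found }'
}

# container_to_host NAME CONTAINER_UID -> host UID that CONTAINER_UID maps to
# (container root = START, container uid n = START + n); fails if out of range
container_to_host() {
    range=$(subuid_range "$1") || return 1
    start=${range%% *}
    count=${range##* }
    [ "$2" -ge 0 ] && [ "$2" -lt "$count" ] || return 1
    echo $(( start + $2 ))
}

# host_to_container NAME HOST_UID -> container UID that owns HOST_UID's files,
# or "unmapped" when HOST_UID lies outside the subordinate range (the kernel then
# shows the file as the overflow UID, nobody, inside the container)
host_to_container() {
    range=$(subuid_range "$1") || return 1
    start=${range%% *}
    count=${range##* }
    if [ "$2" -ge "$start" ] && [ "$2" -lt $(( start + count )) ]; then
        echo $(( $2 - start ))
    else
        echo unmapped
    fi
}

# Demonstration with the constructed table (assumed: the ns1 account itself is host UID 1001)
echo "container root      -> host uid $(container_to_host ns1 0)"
echo "container uid 1000  -> host uid $(container_to_host ns1 1000)"
echo "host uid 500000     -> container uid $(host_to_container ns1 500000)"
echo "host uid 1001 (ns1) -> container uid $(host_to_container ns1 1001)"
```

Reading the last line explains the `Permission denied` in the question: `mkdir test` run by `ns1` creates a directory owned by host UID 1001, which is `unmapped` from the container's point of view, so container root (host UID 500000) has only the "other" permission bits on it. Writing works once the bind-mounted directory is owned by a UID inside the mapped range, for example `chown 500000 test` for container root or `chown 501000 test` for a container user with UID 1000; the `ns1` account in `/etc/subuid` is only the owner of the subordinate range and never itself appears inside the container.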