Channel: Active questions tagged dockerfile - DevOps Stack Exchange

Permission denied within mounted volume inside Docker/Podman container

I am starting to learn about containers using podman that came with RHEL8.1 (which AFAIK can be used in place of docker), and have the following baby Dockerfile as a learning exercise:

# Use Alpine Linux base image
FROM alpine:latest

# Install packages
RUN apk --no-cache add bash gcc make

# Make a directory for source code
RUN mkdir /src_dir

# Set working directory to the same directory
WORKDIR /src_dir

# Set this directory as a volume
VOLUME [ "/src_dir" ]

As you can see, I've installed the most basic gcc and make into this container with the goal of mounting a set of source files on my container host into the /src_dir directory within the container.

I next build the container image in the host directory containing the Dockerfile:

podman build -t my_image .

I then start the container with this command:

podman run -it -v /host/foobar:/src_dir my_image /bin/bash

Where /host/foobar/ on my host is an arbitrary directory containing some arbitrary source code, all of which my local user on the host has full read/write access to. For example, there is one file /host/foobar/test.c. This then brings me to a bash prompt inside the container. I can see that I'm at the correct place because:

bash-5.0# pwd
/src_dir

However, I have absolutely no read/write access to /src_dir. Both ls -lh and cat test.c gave me permission denied errors. If I change to the root directory (or any other directory) of the container, I can see and access other things. Strangely, if I run ls -lh / I can see /src_dir as being owned by root:root, so I don't understand why as the container's root user I can't access anything in it.

I also tried podman inspect [container ID], and in the output I can see:

...
"Mounts": [
    {
        "Type": "bind",
        "Name": "",
        "Source": "/host/foobar",
        "Destination": "/src_dir",
        "Driver": "",
        "Mode": "",
        "Options": [
            "rbind"
        ],
        "RW": true,
        "Propagation": "rprivate"
    }
]
...

Which suggests that there is read/write permission?

Perhaps I'm missing something obvious as a beginner, but what do I have to do so that I can run gcc and make inside this container on the source files mounted in /src_dir, so that the container essentially acts as a complete development environment?

Thank you!

P.S. I've read that it's a good idea to use a separate non-root user in the container, but I haven't figured that out yet... Is this easy to achieve given my situation?

