Have you ever faced a situation where you needed to build a Docker image from a `Dockerfile`, but the environment didn't allow running as root or using privilege escalation? I recently encountered this issue and noticed that BuildKit, Docker, Buildah, and Podman lack support for this scenario. I had to think outside the box to work around these limitations. Check out my article that outlines how I managed to build Docker images without root access. It includes background context and example code. Feel free to take a look!
2 Answers
Just to clarify, Podman should allow non-root operations by default. I'm curious why you suggest it doesn't work that way in your experience!
I've been able to do this easily using Podman. It seems like there’s a misunderstanding in your article. You should give it another shot!
Actually, I think the article is correct. You need to really test running as a non-root user with privilege escalation turned off—that's likely what he meant.
Podman actually relies on setuid binaries that require root to set up namespaces. This is discussed in the article, so I suggest checking that part to understand better.
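The two conditions this thread turns on, privilege escalation being disabled and the reliance on setuid helper binaries, can be checked on a host with the added example below (not part of the thread or the linked article). It assumes the helpers in question are `newuidmap` and `newgidmap` from shadow-utils, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the setuid helpers are
# newuidmap/newgidmap, which rootless Podman uses to write uid/gid maps.

# Print 1 if the NoNewPrivs flag is set in a /proc/<pid>/status file, else 0.
no_new_privs() {
    awk '$1 == "NoNewPrivs:" { v = $2 } END { if (v == 1) print 1; else print 0 }' "$1"
}

# Print a verdict for: rootless_verdict STATUS_FILE HELPER...
#   blocked-nnp     no_new_privs is set, so setuid bits and file
#                   capabilities on the helpers are ignored at exec
#   missing-helper  a helper binary does not exist
#   check-filecaps  a helper lacks the setuid bit; it may carry file
#                   capabilities instead (inspect with getcap)
#   ok-setuid       every helper is setuid and escalation is permitted
rootless_verdict() {
    status=$1
    shift
    if [ "$(no_new_privs "$status")" = 1 ]; then
        echo blocked-nnp
        return 0
    fi
    verdict=ok-setuid
    for helper in "$@"; do
        if [ ! -e "$helper" ]; then
            echo missing-helper
            return 0
        fi
        [ -u "$helper" ] || verdict=check-filecaps
    done
    echo "$verdict"
}

# Run against the live system only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    rootless_verdict /proc/self/status \
        "$(command -v newuidmap || echo newuidmap)" \
        "$(command -v newgidmap || echo newgidmap)"
fi
```

A `blocked-nnp` result matches the environment the original post describes: the helpers may be installed and setuid, but executing them grants no extra privilege.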