Special Considerations for Non Administrator Containers
Review the following special considerations when you're running containers as a non administrator:
- The storage path for the host container is different for root users (/var/lib/containers/storage) and non administrator users ($HOME/.local/share/containers/storage).
- Non administrators running containers are provided special permission to run as a range of user and group IDs on the host system. However, they have no root privileges to the host OS.
- In cases where a non administrator needs to change the /etc/subuid or /etc/subgid manually, the changes take effect only after issuing the podman system migrate command.
- Some system features are uneditable by non administrators. For example, non administrators are unable to change the system clock by setting a SYS_TIME capability inside a container and running the network time service (ntpd).
- A non administrator container is unable to access a port numbered less than 1024.
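
A check worth running after a manual edit to /etc/subuid or /etc/subgid and before podman system migrate, shown here as an added example that is not part of the original documentation: it flags malformed entries and ID ranges that overlap between different users, which would map two users' containers onto the same host IDs. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a subuid/subgid-format file (name:start:count).

# write_sample FILE: constructed sample entries, not taken from a real host.
write_sample() {
    cat > "$1" <<'EOF'
alice:100000:65536
bob:165536:65536
carol:200000:65536
EOF
}

# check_subid FILE: prints one line per problem; returns 0 if clean, 1 otherwise.
check_subid() {
    awk -F: '
        # Every entry needs three fields with a numeric start and count.
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
            printf "malformed:%d\n", NR; bad = 1; next
        }
        { n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 }  # hi is exclusive
        END {
            # Ranges [lo,hi) overlap when each one starts before the other ends.
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (name[i] != name[j] && lo[i] < hi[j] && lo[j] < hi[i]) {
                        printf "overlap:%s:%s\n", name[i], name[j]; bad = 1
                    }
            exit bad + 0
        }' "$1"
}

# Demo on the constructed sample; on a real host pass /etc/subuid or /etc/subgid.
tmp=$(mktemp)
write_sample "$tmp"
check_subid "$tmp" || echo "fix the entries above before running: podman system migrate"
rm -f "$tmp"
```

In the sample, bob's range ends at 231071 while carol's begins at 200000, so the pair is reported; alice and bob are adjacent and pass.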