Allow multiple users to run Docker rootless #491

Open
daks opened this issue Nov 4, 2024 · 6 comments
@daks

daks commented Nov 4, 2024

Hello,

If I understand the code correctly, it currently only allows configuring one user to run Docker rootless.
I would like to be able to run a list of users. I think running rootless containers with different users may be a way to improve security further (no access to each other's files, for example).

Do you think it could be added?

@konstruktoid
Owner

Hi @daks, good idea. I'll have a look and see how it can be achieved.

@jdaln

jdaln commented Feb 6, 2025

Hello! I actually have the same request please, now that I am starting to take this into use.
From a user perspective, how I would see this is that this would be an array:

docker_user: ["dockeruser1", "dockeruser2"]

Currently I was trying to set up a shared dockeruser and found this issue when running the playbook: #543

@konstruktoid
Owner

Sorry for not getting back to this earlier, I'll see what I can do.

@konstruktoid
Owner

One of the issues is that it will be a lot of loops, since everything is basically copied to the docker_user.

@jdaln

jdaln commented Feb 7, 2025

At least I like the dockeruser being dockeruser. What was your use case @daks?

@daks
Author

daks commented Feb 11, 2025

Hi, as stated before, my use case is to configure multiple users to use Docker rootless, and I wanted to have the role install and configure it for each.

My idea was to

  1. either extend the docker_user variable to support a single element (like it is right now) or a list,
  2. or add a docker_users (with a final S) variable to hold a list of users, not changing the existing docker_user one

In my idea, in case 1. you can imagine deprecating the use of a single element later, or let both be possible. And the implementation would mean to manage an internal variable equal to [docker_user] if it's a single element, or directly the list. I have no idea how it could be done in Ansible.
In case 2, the implementation is simple, you just need to loop over the list when provided. The docker_user variable could also be deprecated later.

I haven't worked on this since I opened this issue so I'm not sure how those ideas are easy to implement. I may find some time later but no idea when.
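
One way to do the normalisation described in the comment above in Ansible, covering both proposed options. This is an added example, not the role's own code and not written by any participant in the thread: `docker_user_list` is a hypothetical internal variable name, the sample value is constructed, and the final `debug` task only stands in for the role's per-user tasks.

```yaml
# Added example: standalone playbook, not part of the role.
# docker_user_list is a hypothetical internal variable name.
- name: Normalise docker_user / docker_users into one list
  hosts: localhost
  gather_facts: false
  vars:
    # Constructed sample input. A plain string such as "dockeruser"
    # is accepted too and becomes a one-element list.
    docker_user: ["dockeruser1", "dockeruser2"]
  tasks:
    # Option 2 (docker_users) takes precedence when it is set;
    # otherwise option 1 applies: wrap a string, pass a list through.
    - name: Build the internal list of rootless users
      ansible.builtin.set_fact:
        docker_user_list: >-
          {{ docker_users if docker_users is defined
             else ([docker_user] if docker_user is string else docker_user) }}

    # Assumed sanity checks: each rootless daemon needs its own
    # distinct, unprivileged account, so fail early otherwise.
    - name: Reject empty, duplicate or root entries
      ansible.builtin.assert:
        that:
          - docker_user_list | length > 0
          - docker_user_list | unique | length == docker_user_list | length
          - "'root' not in docker_user_list"
        fail_msg: "docker_user(s) must be a non-empty list of distinct non-root users"

    # Placeholder for the per-user work: every task that currently
    # acts on docker_user would instead loop over the list.
    - name: Show which users would be configured
      ansible.builtin.debug:
        msg: "would configure rootless Docker for {{ item }}"
      loop: "{{ docker_user_list }}"
```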
