What would you like to be added:
Add validation tests for image volumes with user namespaces to ensure CRI implementations correctly handle idmap mounts for image volumes when pods use user namespaces.
Why is this needed:
container images as read-only volumes. When using user namespaces, the file ownership in these volumes needs to be correctly mapped using idmap mounts so that files appear with the correct ownership inside the container's user namespace.
Without proper idmap support, files in image volumes would appear with incorrect ownership inside containers using user namespaces, potentially breaking applications that rely on specific file permissions.
containerd/containerd#12816
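The ownership problem described in this request, as an added example that is not code from cri-tools or containerd: a simplified model of the UID translation a validation test would check. The names `idMap`, `translate` and `visibleUID` are hypothetical, the mapping values are constructed, and the idmap mount is assumed to use the same mapping as the pod's user namespace.

```go
package main

import "fmt"

// overflowUID is the kernel's default overflow UID, reported for owners
// that have no mapping in the caller's user namespace.
const overflowUID = 65534

// idMap mirrors one /proc/<pid>/uid_map line: inside ID, outside ID, length.
type idMap struct{ inside, outside, length uint32 }

// translate maps id from inside to outside (toHost) or the reverse.
func translate(m []idMap, id uint32, toHost bool) (uint32, bool) {
	for _, e := range m {
		from, to := e.outside, e.inside
		if toHost {
			from, to = e.inside, e.outside
		}
		if id >= from && id-from < e.length {
			return to + (id - from), true
		}
	}
	return 0, false
}

// visibleUID returns the owner a process in the user namespace sees for a
// file stored in the image with UID diskUID. With idmapped set, the mount is
// assumed to carry the same mapping as the pod's user namespace.
func visibleUID(userns []idMap, diskUID uint32, idmapped bool) uint32 {
	kuid, ok := diskUID, true // plain mount: on-disk UID is used as the host UID
	if idmapped {
		kuid, ok = translate(userns, diskUID, true)
	}
	if uid, found := translate(userns, kuid, false); ok && found {
		return uid
	}
	return overflowUID
}

func main() {
	// Constructed mapping: container UIDs 0-65535 are host UIDs 100000-165535.
	userns := []idMap{{inside: 0, outside: 100000, length: 65536}}
	for _, disk := range []uint32{0, 1000} {
		fmt.Printf("image uid %d: plain mount -> %d, idmap mount -> %d\n",
			disk, visibleUID(userns, disk, false), visibleUID(userns, disk, true))
	}
}
```

A test against a real runtime would make the equivalent assertion by comparing the owner reported by `stat` inside the container with the owner recorded in the image.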