https://www.scrivano.org/tags/buildah/ Recent content in Buildah on *scratch* Hugo en Sat, 06 Jun 2026 10:03:54 +0000 https://www.scrivano.org/2018/02/25/current-status-problems-running-buildah-non-root/ Sun, 25 Feb 2018 13:59:14 +0000 https://www.scrivano.org/2018/02/25/current-status-problems-running-buildah-non-root/ <p>Having Buildah running in a user namespace opens the possibility of building container images as a non-root user. I’ve done some work to get <a href="https://github.com/projectatomic/buildah">Buildah</a> running inside a user container, where it can still create and modify container images without any elevated privileges on the host. This is useful for CI environments and shared systems where granting root or setuid access is not acceptable.</p> <p>There are still some open issues to get it fully working. The biggest open one is that <em>overlayfs</em> cannot be currently used as non root user. There is some work going on, but this will require changes in the kernel and the way extended attributes work for overlay. The alternative is far from ideal and it is to use the <em>vfs</em> storage driver, but it is a good starting point to get things moving and see how far we get. (Another possibility that doesn’t require changes in the kernel would be an OSTree storage for Buildah, but that is a different story).</p>