Run rootful container with userns=auto fails due to "wrong" file ownership

[florentulve]

Hi,

I am confronted to an issue with podman rootfull dans userns=auto and the redis image from the docker library : https://hub.docker.com/_/redis

Its entrypoint check the ownership of the current directory and chown if needed.

#### allow the container to be started with --user`

if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
find . ! -user redis -exec chown redis '{}' +
exec gosu redis "$0" "$@"
fi`

source: https://github.com/redis/docker-library-redis/blob/master/docker-entrypoint.sh

It fails with userns=auto because the working directory ownership is not the redis 999 user as shown below:

My subuid and subgid contains

containers:2147483647:2147483648

If i check the underlying filesystem:

`ls -alnZ /var/lib/containers/storage/overlay/85fa5b943e569816e1fb2627827e35c06f166e0079d6fa153c4d2d58273eed73/merged

lrwxrwxrwx. 1 2147583647 2147583647 system_u:object_r:container_file_t:s0:c655,c984 7 Sep 4 11:00 bin -> usr/bin/
drwxr-xr-x. 1 2147583647 2147583647 system_u:object_r:container_file_t:s0:c655,c984 0 Aug 14 18:10 boot/
drwxr-xr-x. 1 2147584646 2147584646 system_u:object_r:container_file_t:s0:c655,c984 0 Sep 5 01:09 data/
drwxr-xr-x. 1 2147583647 2147583647 system_u:object_r:container_file_t:s0:c655,c984 0 Sep 4 11:00 dev/`

2147583647 -> 0
2147584646 -> 2147583647 + 999(redis user)

I realy don't understand why inside the container the 2147584646 user is reported as 65534 noboby as shown in the screen above.

Podman version affected 5.2.2
This works with podman 4.3.1

[florentulve]

fixed in #23977