Add validation tests for image volumes with user namespaces #1979

@AutuSnow

What would you like to be added:

Add validation tests for image volumes with user namespaces to ensure CRI implementations correctly handle idmap mounts for image volumes when pods use user namespaces.

Why is this needed:

container images as read-only volumes. When using user namespaces, the file ownership in these volumes needs to be correctly mapped using idmap mounts so that files appear with the correct ownership inside the container's user namespace.

Without proper idmap support, files in image volumes would appear with incorrect ownership inside containers using user namespaces, potentially breaking applications that rely on specific file permissions.
containerd/containerd#12816
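
The ownership behaviour this issue asks the tests to validate, as a simplified model added here (not code from the issue, cri-tools, or containerd). `IDMap`, `translate`, `ObservedOwner` and the `0:100000:65536` mapping are hypothetical; the model assumes the image volume is idmapped with the pod's own mapping and that unmapped IDs show up as the kernel's default overflow ID 65534.

```go
package main

import "fmt"

// IDMap is one uid_map/gid_map line: Length IDs starting at ContainerID
// inside the user namespace correspond to HostID outside it.
type IDMap struct{ ContainerID, HostID, Length uint32 }

// OverflowID is what the kernel reports by default for an unmapped ID.
const OverflowID = 65534

// translate maps id namespace->host (toHost) or host->namespace.
func translate(maps []IDMap, id uint32, toHost bool) (uint32, bool) {
	for _, m := range maps {
		from, to := m.HostID, m.ContainerID
		if toHost {
			from, to = m.ContainerID, m.HostID
		}
		if id >= from && id-from < m.Length {
			return to + (id - from), true
		}
	}
	return 0, false
}

// ObservedOwner models the UID a process in the pod's user namespace sees
// for a file stored in the image with owner imageUID.
func ObservedOwner(imageUID uint32, userns []IDMap, idmapMount bool) uint32 {
	hostID := imageUID // plain mount: the on-disk ID is taken as a host ID
	if idmapMount {
		// Assumption: the mount carries the same mapping as the pod.
		mapped, ok := translate(userns, imageUID, true)
		if !ok {
			return OverflowID
		}
		hostID = mapped
	}
	if seen, ok := translate(userns, hostID, false); ok {
		return seen
	}
	return OverflowID
}

func main() {
	pod := []IDMap{{ContainerID: 0, HostID: 100000, Length: 65536}} // constructed
	for _, uid := range []uint32{0, 1000} {
		fmt.Println(uid, ObservedOwner(uid, pod, false), ObservedOwner(uid, pod, true))
	}
}
```

A validation test would make the same comparison against a real pod: stat a file in the image volume from inside the container and check that it reports the image's owner rather than 65534.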

Labels

kind/feature, sig/node
