Access To /runner/.ssh Is Prevented With MacOS and Docker Desktop #1592

Open
timway opened this issue Aug 8, 2023 · 0 comments
Labels
bug Researched, reproducible, committed to fix

Comments

@timway
Copy link
Contributor

timway commented Aug 8, 2023

ISSUE TYPE
  • Bug Report
SUMMARY

When running on macOS with Docker Desktop, the .ssh directory from outside the container is bind mounted into the container. The user for the container is set to the UID outside the container. This prevents using SSH keys that are not passphrase protected inside the container.

ANSIBLE-NAVIGATOR VERSION
% ansible-navigator --version
ansible-navigator 3.4.0
CONFIGURATION

No additional configuration

LOG FILE
STEPS TO REPRODUCE
  • Using macOS, Python provided by macOS, Ansible Navigator installed
  • Configure a target machine with SSH key based authentication not using a key with a passphrase
  • Try to use ansible-navigator
EXPECTED RESULTS

The container has access to the host's $HOME/.ssh

ACTUAL RESULTS
% ansible-navigator exec bash
bash-5.2$ ls $HOME/.ssh
ls: cannot access '/runner/.ssh': No such file or directory
bash-5.2$ id -a
uid=501(501) gid=0(root) groups=0(root)
ADDITIONAL INFORMATION

It seems the container runtime is checked in the code to see if it is Podman. If so, then it runs as root inside the container. Presumably this assumes it's Podman running as a non-privileged user outside the container, although it doesn't appear to check the UID of the user starting the runtime, so this might be dubious as well.

I'm not sure what the best answer is for this problem because the project files are bind mounted as well into the container. I did test with:

---
ansible-navigator:
  execution-environment:
    container-options:
      - --user=root

Using those options everything worked well inside the container; it could access the /runner/.ssh directory. Files created in the project directory during execution within the container are mapped back out as the UID of the user outside of the container by Docker Desktop, despite being root inside the container (similar to sub-uid behavior in user mode Podman).

@timway timway added the labels "bug" (Researched, reproducible, committed to fix) and "new" (New issues and PRs to triaged) on Aug 8, 2023
@shatakshiiii shatakshiiii removed the "new" (New issues and PRs to triaged) label on Aug 23, 2023
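The two checks the report above performs by hand (`ls $HOME/.ssh` and `id -a` inside the execution environment) can be scripted so the same probe runs against Docker or Podman and reports which of the failure modes described in the issue applies. The following is an added example written for this page; it is not ansible-navigator's own code. It assumes a `/runner/.ssh` mount point and an image name passed on the command line (defaulting to `alpine`, a constructed choice), and the finding codes `ssh-dir-unreadable`, `root-inside` and `uid-mismatch` are hypothetical names chosen here.

```python
"""Probe an execution-environment container for the symptom in this issue:
is the host's ~/.ssh visible inside, and which UID does the container run as?
Hypothetical helper written for this page, not ansible-navigator code."""
import os
import subprocess
from dataclasses import dataclass

# Shell snippet run inside the container: prints the UID on line 1 and a
# READABLE/MISSING marker for the mounted key directory on line 2.
PROBE_CMD = (
    "id -u; "
    "if ls /runner/.ssh >/dev/null 2>&1; then echo READABLE; else echo MISSING; fi"
)


@dataclass
class MountProbe:
    engine: str         # "docker" or "podman"
    uid_inside: int     # UID reported by `id -u` inside the container
    ssh_readable: bool  # whether /runner/.ssh could be listed


def build_probe_command(engine, image, host_ssh_dir, user=None):
    """Assemble the `run` invocation; both docker and podman accept these flags."""
    args = [engine, "run", "--rm", "-v", f"{host_ssh_dir}:/runner/.ssh:ro"]
    if user is not None:
        args += ["--user", str(user)]
    return args + [image, "sh", "-c", PROBE_CMD]


def parse_probe_output(engine, output):
    """Turn the two-line probe output into a MountProbe; reject anything else."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    if (len(lines) != 2 or not lines[0].isdigit()
            or lines[1] not in ("READABLE", "MISSING")):
        raise ValueError(f"unexpected probe output: {output!r}")
    return MountProbe(engine, int(lines[0]), lines[1] == "READABLE")


def assess(probe, host_uid):
    """Return finding codes; an empty list means the mount behaves as expected."""
    findings = []
    if not probe.ssh_readable:
        # The symptom from the report: the key directory is not usable inside.
        findings.append("ssh-dir-unreadable")
    if probe.uid_inside == 0:
        # Root inside the container is harmless where the engine remaps IDs
        # (rootless Podman, and Docker Desktop per this issue), but on a Linux
        # Docker host files written to a bind-mounted project dir come back
        # root-owned, so flag it for the operator to judge.
        findings.append("root-inside")
    elif probe.uid_inside != host_uid:
        findings.append("uid-mismatch")
    return findings


def run_probe(engine, image, user=None):
    """Execute the probe against the local engine (requires docker or podman)."""
    host_ssh_dir = os.path.join(os.path.expanduser("~"), ".ssh")
    cmd = build_probe_command(engine, image, host_ssh_dir, user)
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return assess(parse_probe_output(engine, result.stdout), os.getuid())


if __name__ == "__main__":
    import sys
    engine = sys.argv[1] if len(sys.argv) > 1 else "docker"
    image = sys.argv[2] if len(sys.argv) > 2 else "alpine"  # constructed default
    # Mirror the issue: run as the host UID, as ansible-navigator does on Docker.
    print(run_probe(engine, image, user=os.getuid()) or ["ok"])
```

Running it once with the host UID and once with `user=0` reproduces the two configurations compared in the report (the default and the `--user=root` workaround), and the finding list makes the trade-off explicit: an empty result means keys are reachable and file ownership on the bind mounts matches the host user.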