Demo: use the eBPF tool Inspektor Gadget to detect how to set --userns keep-id:uid=$uid,gid=$gid

[eriksjolund]

Inspektor Gadget (https://www.inspektor-gadget.io) is an eBPF tool and systems inspection framework.
I used it to trace all open() system calls in a container directory because I wanted to know
how to set $uid and $gid in the podman run option

--userns keep-id:uid=$uid,gid=$gid

The use case I'm considering is when a container starts to run as root (--user 0:0) but later drops privileges and runs as a different user. I would like that non-root user to be mapped to the regular user on the host.

The demo can be found here:

https://github.com/eriksjolund/podman-map-uid-docs#example-trace-open-system-calls-in-an-nginx-container-with-inspektor-gadget