User namespace – Why does the ecs_agent container launch as root owner?

Below is the ECS-optimised AMI machine:

$ cat /etc/os-release
NAME="Amazon Linux AMI"
VERSION="2018.03"
ID="amzn"
ID_LIKE="rhel fedora"
VERSION_ID="2018.03"
PRETTY_NAME="Amazon Linux AMI 2018.03"
ANSI_COLOR="0;33"
CPE_NAME="cpe:/o:amazon:linux:2018.03:ga"
HOME_URL="http://aws.amazon.com/amazon-linux-ami/"

Using the UserData section of a CloudFormation template, the configuration below is applied to configure the user namespace in the Docker daemon:

$ echo testuser:165536:65536 > /etc/subuid
$ echo testuser:165536:65536 > /etc/subgid
$ echo '{"debug":true, "userns-remap":"testuser"}' > /etc/docker/daemon.json

But ecs_agent is still starting as root, not as testuser.

The UserData section of the CloudFormation template runs at boot time of the EC2 instance. /var/log/docker shows no error.

Why does the Docker daemon in the ECS instance launch ecs_agent as root owner after configuring the user namespace?

Source: StackOverflow
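
One way to confirm from the host whether a given container process really runs in the remapped namespace is to compare the `userns-remap` user and its `/etc/subuid` range from the question with that process's `/proc/<pid>/uid_map`. This is an added example, not part of the original question; the function names are hypothetical and the two `uid_map` strings are constructed samples.

```python
import json

# Constructed samples: the first two mirror the question's configuration,
# the uid_map strings show the two shapes /proc/<pid>/uid_map can take here.
DAEMON_JSON = '{"debug":true, "userns-remap":"testuser"}'
SUBUID = "testuser:165536:65536\n"
UID_MAP_REMAPPED = "         0     165536      65536\n"
UID_MAP_HOST = "         0          0 4294967295\n"

def remap_user(daemon_json):
    """Return the user named by userns-remap, or None if it is not set."""
    value = json.loads(daemon_json).get("userns-remap")
    if not value:
        return None
    user = value.split(":")[0]          # accept the "user:group" form
    return "dockremap" if user == "default" else user

def subid_start(subid_text, user):
    """First subordinate ID assigned to `user` in /etc/subuid-style text."""
    for line in subid_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            return int(fields[1])
    return None

def host_uid_of_root(uid_map_text):
    """Host UID that UID 0 inside the namespace maps to (None if unmapped)."""
    for line in uid_map_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        inside, outside, length = map(int, fields)   # inside-id, host-id, count
        if inside <= 0 < inside + length:
            return outside - inside
    return None

def check_remap(daemon_json, subid_text, uid_map_text):
    user = remap_user(daemon_json)
    if user is None:
        return "userns-remap not configured"
    start = subid_start(subid_text, user)
    if start is None:
        return f"no subordinate range for {user}"
    root = host_uid_of_root(uid_map_text)
    if root == start:
        return "remapped"
    if root == 0:
        return "not remapped: container root is host root"
    return f"unexpected mapping: container root is host uid {root}"
```

On a live host the three inputs are the contents of `/etc/docker/daemon.json`, `/etc/subuid` and `/proc/<pid>/uid_map`, with the PID taken from `docker inspect --format '{{.State.Pid}}' <container>`.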