From 5aabc5088a921ffef3b4b64b0b4137ac714b2b96 Mon Sep 17 00:00:00 2001 From: Philipp Wagner Date: Mon, 3 Jul 2023 17:01:56 +0200 Subject: [PATCH 1/2] [CI:DOCS] Better document the default value of --userns Better document which value `podman run --userns` has if no default value is specified. Also improve documentation of "host" being an alias for "". Fixes #15764 Signed-off-by: Philipp Wagner --- docs/source/markdown/options/userns.container.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/source/markdown/options/userns.container.md b/docs/source/markdown/options/userns.container.md index 6c24f0aa69..6b9df73636 100644 --- a/docs/source/markdown/options/userns.container.md +++ b/docs/source/markdown/options/userns.container.md @@ -4,7 +4,14 @@ ####> are applicable to all of those. #### **--userns**=*mode* -Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable unless `--pod` is specified. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with the **--uidmap** and **--gidmap** options. +Set the user namespace mode for the container. + +If `--userns` is not set the default value is determined as follows. +- If `--pod` is set, `--userns` is ignored and the user namespace of the pod is used. +- If the environment variable **PODMAN_USERNS** is set its value is used. +- Otherwise, `--userns=host` is assumed. + +`--userns=""` (i.e., an empty string) is an alias for `--userns=host`. This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**. 
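Review bot: in the first hunk of patch 1, the bullet "If `--pod` is set, `--userns` is ignored and the user namespace of the pod is used." sits under "If `--userns` is not set the default value is determined as follows.", so at that point there is no `--userns` value to ignore; either state the pod case outside the defaults list ("When `--pod` is given, the pod's user namespace is used and any `--userns` value is ignored.") or reword the bullet to only say that the pod's user namespace is used. Two smaller points on the same hunk: "is determined as follows." wants a comma after "is not set", and "If the environment variable **PODMAN_USERNS** is set its value is used." needs one after "set". Finally, the removed sentence said an empty value disables user namespaces "unless an explicit mapping is set with the **--uidmap** and **--gidmap** options", while the new text calls `--userns=""` a plain alias for `--userns=host` and drops that qualification; please confirm the alias also holds when `--uidmap`/`--gidmap` are given, or keep the caveat, since the retained line "This option is incompatible with **--gidmap**, **--uidmap**, ..." directly below does not settle how the empty string interacts with an explicit mapping.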
@@ -40,7 +47,7 @@ Using `--userns=auto` when starting new containers does not work as long as any **container:**_id_: join the user namespace of the specified container. -**host**: run in the user namespace of the caller. The processes running in the container have the same privileges on the host as any other process launched by the calling user (default). +**host** or **""** (empty string): run in the user namespace of the caller. The processes running in the container have the same privileges on the host as any other process launched by the calling user. **keep-id**: creates a user namespace where the current user's UID:GID are mapped to the same values in the container. For containers created by root, the current mapping is created into a new user namespace. From cce8501a5bdfb0d5b2e53ae3a67bb1980f009ad3 Mon Sep 17 00:00:00 2001 From: Philipp Wagner Date: Mon, 3 Jul 2023 17:09:24 +0200 Subject: [PATCH 2/2] [CI:DOCS] Reformat and reorder table with --userns options Reorder the table with --userns options to match the description below. Also, reformat the Markdown to be better readable in source form. Signed-off-by: Philipp Wagner --- .../source/markdown/options/userns.container.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/source/markdown/options/userns.container.md b/docs/source/markdown/options/userns.container.md index 6b9df73636..e0c0c95c89 100644 --- a/docs/source/markdown/options/userns.container.md +++ b/docs/source/markdown/options/userns.container.md 
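Review bot: in the second hunk of patch 1 (the **host** mode entry), `**""**` renders as a pair of bold quotation marks, which is easy to misread in the generated man page; the description added above writes the same value as `--userns=""` in code formatting, so `**host** or `""` (empty string)` would be consistent with it. Dropping "(default)" from this entry is the right call now that the default is spelled out in its own paragraph.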
@@ -6,9 +6,10 @@ Set the user namespace mode for the container. -If `--userns` is not set the default value is determined as follows. +If `--userns` is not set, the default value is determined as follows. - If `--pod` is set, `--userns` is ignored and the user namespace of the pod is used. - If the environment variable **PODMAN_USERNS** is set its value is used. +- If `userns` is specified in `containers.conf` this value is used. - Otherwise, `--userns=host` is assumed. `--userns=""` (i.e., an empty string) is an alias for `--userns=host`. @@ -17,13 +18,13 @@ This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** an Rootless user --userns=Key mappings: -Key | Host User | Container User -----------|---------------|--------------------- -"" |$UID |0 (Default User account mapped to root user in container.) -keep-id |$UID |$UID (Map user account to same UID within container.) -keep-id:uid=200,gid=210 |$UID| 200:210 (Map user account to specified UID, GID value within container.) -auto |$UID | nil (Host User UID is not mapped into container.) -nomap |$UID | nil (Host User UID is not mapped into container.) +Key | Host User | Container User +------------------------|-----------|--------------------- +auto | $UID | nil (Host User UID is not mapped into container.) +host | $UID | 0 (Default User account mapped to root user in container.) +keep-id | $UID | $UID (Map user account to same UID within container.) +keep-id:uid=200,gid=210 | $UID | 200:210 (Map user account to specified UID, GID value within container.) +nomap | $UID | nil (Host User UID is not mapped into container.) Valid _mode_ values are:
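Review bot: the first hunk of patch 2 adds a new bullet, "If `userns` is specified in `containers.conf` this value is used.", which is a content change, but the commit message only describes reformatting and reordering the table; move that bullet into patch 1, where the default-value list is introduced, or describe it in this commit message. The new bullet needs a comma after `containers.conf`, and since the hunk already touches the neighbouring line, "If the environment variable **PODMAN_USERNS** is set its value is used." could get its comma after "set" at the same time. Because the list reads as a precedence order, it is worth saying explicitly that **PODMAN_USERNS** overrides the `containers.conf` setting, which is what the bullet order implies.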
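Review bot: in the table hunk of patch 2, the `""` row is renamed to `host`, but the prose above now says `--userns=""` is an alias for `--userns=host`; writing the key as `host` (or `""`) keeps the empty-string value findable for readers who look it up in the table. The `host` row also keeps "Default" in its description ("Default User account mapped to root user in container."), which is only accurate when neither **PODMAN_USERNS** nor `containers.conf` sets a mode; either drop "Default" or say "default when no mode is configured". The reordered rows follow the order of the mode descriptions below, as the commit message says, and the realigned columns read well in source form.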