Ricardo Wurmus <rekado@elephly.net> writes:

> I suppose /etc/pam.d/ also needs to be in the container.

Tried it, same error.

>> What about defaulting to 1000?  It's rather common, so I guess that
>> would be anonymous enough and "just work".
>
> Would it make sense to map the current user’s UID into the container
> instead of using a fixed UID?

We have a "--user" option, so we could use the current user's UID when
--user is not specified, 1000 otherwise.
Or better: add a --uid CLI option.

-- 
Pierre Neidhardt
https://ambrevar.xyz/