<Mike Heijmans> @kwilson it looks good from my point of view. ... the only thing you may want to add is

--privileged=true

to the run command if this is for wrapping a dev envrionment on a local machine <Mike Heijmans> but if its not needed, then don't do ... its more secure that way anyway <Kris Wilson> sweet! any thoughts on the comments on the RB itself? "Is there a better way to deal with portable local host volume mount perms?  I do a crazy secondary image build, feels like this should be easier with a gid/uid map of some sort." <Kris Wilson> and "Is there a better way to do port mapping?  I'd love some way to keep

./pants server

using an ephemeral port but I could not figure out a nice way that keeps the user from having to know about

docker ps

and/or

docker port

." <Mike Heijmans> That's a serious problem in the docker (through VM) world still.. I know they recently added the -u & --group-add <Mike Heijmans> it was buggy in docker 1.7 when I was experimenting with that... It may be better in 1.8 though <Mike Heijmans>

-u, --user=                     Username or UID (format: <name|uid>[:<group|gid>])

<Mike Heijmans> I have (essentially) the same kind of setup where I'm forcing user and group ids in the docker file at build time <Mike Heijmans> but its an artifact from docker 1.6 simple smile (and as I said, I messed with uid/gid with 1.7 but it was buggy and decided to leave the working things working)