On Thu, Mar 13, 2014 at 01:51:17PM -0400, Simo Sorce wrote:

[..]
> > 1. Fix Docker to use user namespaces and use the uid of the requesting
> > process via SCM_CREDENTIALS.
>
> This is not practical, I have no control on what UIDs will be used
> within a container,

I guess uid to container mapping has to be managed by somebody, say
systemd. Then systemd should export an API to query the container
a uid is mapped into. So that should not be the real problem.

> and IIRC user namespaces have severe limitations
> that may make them unusable in some situations. Forcing the use of user
> namespaces on docker to satisfy my use case is not in my power.

I think that's the real practical problem. Adoption of user name space.

Thanks
Vivek