Re: Unprivileged containers and co-ordinating user namespaces

Eric W. Biederman wrote:
> James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> writes:
>
>> On Thu, 2016-04-28 at 16:00 -0700, W. Trevor King wrote:
>>> On Thu, Apr 28, 2016 at 03:02:08PM -0700, James Bottomley wrote:
>>>> /etc/usernamespaces
>>>>
>>>> and the format be :::
>>>>
>>>> …
>>>>
>>>> If this sounds OK to people, I can code up a utility that does this,
>>>> which should probably belong in util-linux.
>>>
>>> This sounds a lot like shadow's newuidmap and newgidmap [1,2,3].
>>>
>>> Cheers,
>>> Trevor
>>>
>>> [1]: https://github.com/shadow-maint/shadow/commit/673c2a6f9aa6c69588f4c1be08589b8d3475a520
>>> [2]: http://man7.org/linux/man-pages/man1/newuidmap.1.html
>>> [3]: http://man7.org/linux/man-pages/man5/subuid.5.html
>>
>> I think that mostly works.  No-one's packaging it yet, which is why I
>> didn't notice.  It also looks like the build dependencies have vastly
>> expanded, so I can't get it to build in the build service yet.
>
> Both Fedora and Ubuntu should be packaging it.  Further Docker should
> already be using these files.

Yes, based on our discussion in the PRs when user namespaces capabilities were added to Docker, we respect the /etc/sub{u,g}id files for sourcing mappings for userns-confined processes.

- Phil
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers