Re: [PATCH 0/3] Enable namespaced file capabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

There is one very simple solution to the problem.

Perform the unpacking in your user namespace.


I'm not aware of any major container runtime that couples image
unpacking to the runtime components >> Yeah, I assumed that would also work. I was just responding to

"perform the unpacking in your user namespace" and was just
clarifying that currently no container runtime would want to do
that.


That's exactly what lxc does.
Oh really, I wasn't aware of that. Thanks -- I haven't really looked at LXC's templates before, I should take a look at that over the weekend. 

--
Aleksa Sarai
Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
[Index of Archives]     [Cgroups]     [Netdev]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux