On 15 Nov 2015 13:06, U.Mutlu wrote:
> Mike Frysinger wrote on 11/15/2015 07:28 AM:
> > On 15 Nov 2015 03:10, U.Mutlu wrote:
> >> Mike Frysinger wrote on 11/15/2015 02:24 AM:
> >>> On 15 Nov 2015 01:49, U.Mutlu wrote:
> >>>> So, then the question remains: how to give non-root user a secure mount
> >>>
> >>> no, it doesn't.  at least two people have already told you how to do it:
> >>> use the usernamespace (-U) option that unshare already supports.
> >>
> >> It's not yet clear for me how to use that. Can you give an example?
> >> unshare -U /bin/bash
> >
> > the unshare(1) man page already includes an example:
> >   $ unshare --map-root-user --user sh -c whoami
> >   root
>
> No, firstly there is no such example in man unshare, secondly it doesn't do here:
> $ unshare --map-root-user --user sh -c whoami
> unshare: unshare failed: Operation not permitted
>
> Is there maybe a bug in the Debian version?

complain to Debian.  iirc, they break their kernels on purpose by adding
non-standard caps which disallow userns usage.

> And thirdly: is that not even more dangerous to give a user root permission
> then? I don't understand this philosophy. Or, where is the trick in this?

you aren't actually root.  you'll probably want to read:
	https://lwn.net/Articles/532593/
	man user_namespaces
-mike
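
An added example, not part of the original thread or of unshare itself: it shows why UID 0 inside a user namespace is not root on the host, by translating in-namespace UIDs through a `uid_map`, and checks the sysctl knobs that can make `unshare --user` fail. The function names, the sample map for a caller with UID 1000, and the sysctl paths checked are assumptions of this example.

```shell
#!/bin/sh
# Each /proc/<pid>/uid_map line is: <first-uid-inside> <first-uid-outside> <count>

# ns_to_parent_uid MAP UID -> prints the UID the parent namespace sees, or
# "unmapped" (the kernel presents such IDs as the overflow UID, usually 65534).
ns_to_parent_uid() {
    map=$1
    uid=$2
    result=unmapped
    while read -r inside outside count; do
        [ -n "$count" ] || continue          # skip blank or short lines
        if [ "$uid" -ge "$inside" ] && [ "$uid" -lt $((inside + count)) ]; then
            result=$((outside + uid - inside))
        fi
    done <<EOF
$map
EOF
    echo "$result"
}

# userns_allowed [DIR] -> exit status 0 if the knobs under DIR (default
# /proc/sys) permit unprivileged user namespaces. A missing knob means the
# kernel does not have that restriction.
userns_allowed() {
    sys=${1:-/proc/sys}
    clone=$sys/kernel/unprivileged_userns_clone   # Debian-patched kernels; 0 => EPERM
    max=$sys/user/max_user_namespaces             # mainline Linux 4.9+; 0 => ENOSPC
    if [ -r "$clone" ] && [ "$(cat "$clone")" = 0 ]; then return 1; fi
    if [ -r "$max" ] && [ "$(cat "$max")" = 0 ]; then return 1; fi
    return 0
}

# Constructed sample: the single-line map that
# `unshare --map-root-user --user` sets up when run by UID 1000.
SAMPLE_MAP="0 1000 1"
echo "uid 0 inside  -> $(ns_to_parent_uid "$SAMPLE_MAP" 0) outside"
echo "uid 33 inside -> $(ns_to_parent_uid "$SAMPLE_MAP" 33) outside"

if userns_allowed; then
    echo "unprivileged user namespaces: allowed"
else
    echo "unprivileged user namespaces: disabled by sysctl"
fi
```

File access from inside the namespace is checked against the translated UID, so the "root" shell can only touch what UID 1000 could already touch.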