[systemd-devel] "dynamic" uid allocation (was: [PATCH] loopback setup in unprivileged containers)

David Herrmann dh.herrmann at gmail.com
Tue Feb 3 07:28:22 PST 2015


Hi

On Tue, Feb 3, 2015 at 3:41 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> Hmm, so, I thought a lot about this in the past weeks. I think the way
> I'd really like to see this work in the end is that we never have to
> persist the UID mappings. This could work if the kernel would provide
> us with the ability to bind mount a file system into the container
> applying a fixed UID shift. That way, the shifted UIDs would never hit
> the actual disk, and hence we wouldn't have to persist their mappings.

An alternative would be to map UIDs to the owning user-namespace of
the current mount-namespace when accessing disks (which is the
user-namespace active at the time the mount-namespace was created).

Anyway, this all depends on kernel people to accept this.

Thanks
David
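To make the mapping the two messages discuss concrete, here is an added example (not code from the thread or from systemd) that applies a user-namespace UID mapping in the format the kernel uses for /proc/<pid>/uid_map ("inside outside count" per line). A "fixed UID shift" as Lennart describes is simply a one-entry map; the sample map below is constructed for illustration, and the 65534 overflow value is the kernel's default overflowuid, returned here for any UID the map does not cover.

```python
"""Translate UIDs across a user-namespace mapping (added example, not from the thread).

The map format mirrors /proc/<pid>/uid_map: each line is
    <inside-uid> <outside-uid> <count>
meaning inside-uid .. inside-uid+count-1 corresponds to
outside-uid .. outside-uid+count-1 on the host side.
"""

# Default value of /proc/sys/kernel/overflowuid: what the kernel reports
# for an owner that has no mapping in the current user namespace.
OVERFLOW_UID = 65534

UID_MAX = 2 ** 32  # uid_t is 32-bit; ranges must not wrap past it

# Constructed sample: container UIDs 0..65535 shifted to host UIDs 100000..165535.
SAMPLE_UID_MAP = "         0     100000      65536\n"


def parse_uid_map(text):
    """Parse uid_map text into a list of (inside, outside, count) tuples."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError("uid_map line %d: expected 3 fields, got %d" % (lineno, len(parts)))
        inside, outside, count = (int(p) for p in parts)
        if count <= 0 or min(inside, outside) < 0:
            raise ValueError("uid_map line %d: invalid range" % lineno)
        if inside + count > UID_MAX or outside + count > UID_MAX:
            raise ValueError("uid_map line %d: range exceeds uid_t" % lineno)
        entries.append((inside, outside, count))
    return entries


def inside_to_outside(uid_map, uid):
    """Container (inside) UID -> host (outside) UID; overflow UID if unmapped."""
    for inside, outside, count in uid_map:
        if inside <= uid < inside + count:
            return outside + (uid - inside)
    return OVERFLOW_UID


def outside_to_inside(uid_map, uid):
    """Host (outside) UID -> container (inside) UID; overflow UID if unmapped."""
    for inside, outside, count in uid_map:
        if outside <= uid < outside + count:
            return inside + (uid - outside)
    return OVERFLOW_UID


def shifted_owner_for_disk(uid_map, container_uid):
    """What a file created by container_uid would be owned by on the real disk.

    Without a kernel-side shifted bind mount, this shifted value is what
    actually hits the disk, which is exactly why the mapping would then
    have to be persisted to interpret those files later.
    """
    return inside_to_outside(uid_map, container_uid)


if __name__ == "__main__":
    uid_map = parse_uid_map(SAMPLE_UID_MAP)
    for uid in (0, 1000, 65535, 70000):
        print("inside %6d -> outside %6d" % (uid, inside_to_outside(uid_map, uid)))
    for uid in (100000, 101000, 1):
        print("outside %6d -> inside %6d" % (uid, outside_to_inside(uid_map, uid)))
```

Note that host root (UID 1 or 0 on the outside) has no inside counterpart in this map, so a file owned by host root appears inside the container as the overflow UID; that is the behaviour both proposals in the thread are trying to avoid having to persist or reason about per-disk.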

