[systemd-devel] [PATCH] loopback setup in unprivileged containers

Matthias Urlichs matthias at urlichs.de
Mon Dec 29 00:07:17 PST 2014


Hi,

Tom Gundersen:
> On Sun, Dec 28, 2014 at 6:18 PM, St├ęphane Graber
> <stephane.graber at canonical.com> wrote:
> > My host system doesn't have nspawn so I can't easily test it this way,
> > but it was my understanding that nspawn didn't support user namespaces
> > and uid/gid mappings which is what I'm working with here.
> 
> Indeed, that is not supported by nspawn (which explains why I cannot
> reproduce). I was able to reproduce using the userns_child_exec test
> program from [0], so I'll take a look.
> 
Hmm. IMHO it would be reasonable to add a mapping option
("--{user,group}map=inside:outside[:length]") to nspawn.

-- 
-- Matthias Urlichs


More information about the systemd-devel mailing list