[systemd-devel] [PATCH] loopback setup in unprivileged containers
Matthias Urlichs
matthias at urlichs.de
Mon Dec 29 00:07:17 PST 2014
Hi,
Tom Gundersen:
> On Sun, Dec 28, 2014 at 6:18 PM, Stéphane Graber
> <stephane.graber at canonical.com> wrote:
> > My host system doesn't have nspawn so I can't easily test it this way,
> > but it was my understanding that nspawn didn't support user namespaces
> > and uid/gid mappings which is what I'm working with here.
>
> Indeed, that is not supported by nspawn (which explains why I cannot
> reproduce). I was able to reproduce using the userns_child_exec test
> program from [0], so I'll take a look.
>
Hmm. IMHO it would be reasonable to add a mapping option
("--{user,group}map=inside:outside[:length]") to nspawn.
--
-- Matthias Urlichs