[systemd-devel] [PATCH] loopback setup in unprivileged containers

Matthias Urlichs matthias at urlichs.de
Mon Dec 29 06:33:23 PST 2014


Lennart Poettering:
> I am open to adding support for this, but I think the allocation of
> the UID ranges should really happen automatically, and not be
> something the admin has to manually assign.
> Which means we'd enter dynamic UID allocation terroritory, and that
> opens a huge can of worms...
Both. My Debian autobuilder, for instance, needs static UIDs.
Frankly, I also manage a bunch of other VMs with just systemd because
-nspawn does all I need (other than UID mapping … oh yes, and the ability
to attach to more than one bridge interface) and I don't want to bother
with yet another tool. :-P

Fortunately we have 32-bit UIDs these days. So for automatic allocation
I'd just sequentially number the machines and give each of them a 2048-UID
chunk (with the top couple of addresses mapped to 6553x for nobody:nogroup)
above 65536. Problem solved.

However, this is not a problem for -nspawn itself: if I want to do
auto-allocation, I can easily write a shallow wrapper (in whatever script
language I want) which calculates the appropriate options and then exec()s

-- Matthias Urlichs

More information about the systemd-devel mailing list