[systemd-devel] [PATCH] loopback setup in unprivileged containers

Matthias Urlichs matthias at urlichs.de
Mon Dec 29 06:33:23 PST 2014


Hi,

Lennart Poettering:
> I am open to adding support for this, but I think the allocation of
> the UID ranges should really happen automatically, and not be
> something the admin has to manually assign.
> 
> Which means we'd enter dynamic UID allocation territory, and that
> opens a huge can of worms...
> 
Both. My Debian autobuilder, for instance, needs static UIDs.
Frankly, I also manage a bunch of other VMs with just systemd because
-nspawn does all I need (other than UID mapping … oh yes, and the ability
to attach to more than one bridge interface) and I don't want to bother
with yet another tool. :-P

Fortunately we have 32-bit UIDs these days. So for automatic allocation
I'd just sequentially number the machines and give each of them a 2048-UID
chunk (with the top couple of addresses mapped to 6553x for nobody:nogroup)
above 65536. Problem solved.

However, this is not a problem for -nspawn itself: if I want to do
auto-allocation, I can easily write a shallow wrapper (in whatever script
language I want) which calculates the appropriate options and then exec()s
nspawn.

-- 
-- Matthias Urlichs
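
The sequential allocation sketched in the message above, as an added example that is not part of the original e-mail or of systemd: it computes each machine's 2048-UID host chunk, the two mapping rows in the column order of `/proc/<pid>/uid_map`, and checks that chunks stay disjoint and inside the 32-bit UID space. Assumptions: machines are numbered from 0, the first chunk starts at 65536, "6553x" means container UIDs 65534 and 65535, and "top couple" means the last two UIDs of the chunk; all function names are hypothetical.

```python
"""Sequential UID-chunk allocation for containers (constructed illustration)."""

CHUNK = 2048            # UIDs per machine, as proposed in the message
FIRST_HOST_UID = 65536  # assumption: the first chunk starts exactly here
NOBODY_INSIDE = 65534   # assumption: "6553x" means 65534 and 65535
RESERVED_TOP = 2        # assumption: "top couple" means the last two UIDs
MAX_UID = 2**32 - 2     # 4294967295 is (uid_t)-1 and never a valid UID


def max_machines():
    """How many whole chunks fit between FIRST_HOST_UID and MAX_UID."""
    return (MAX_UID - FIRST_HOST_UID + 1) // CHUNK


def host_range(machine):
    """Inclusive (first, last) host UID owned by machine number `machine`."""
    if not 0 <= machine < max_machines():
        raise ValueError(f"machine index {machine} does not fit in 32-bit UIDs")
    base = FIRST_HOST_UID + machine * CHUNK
    return base, base + CHUNK - 1


def uid_map(machine):
    """Rows as (inside, outside, count), the column order of uid_map."""
    base, _ = host_range(machine)
    low = CHUNK - RESERVED_TOP
    return [(0, base, low), (NOBODY_INSIDE, base + low, RESERVED_TOP)]


def to_host(machine, inside_uid):
    """Translate a container UID to its host UID, or None if unmapped."""
    for inside, outside, count in uid_map(machine):
        if inside <= inside_uid < inside + count:
            return outside + (inside_uid - inside)
    return None


def overlaps(a, b):
    """True if two machines would share any host UID."""
    (a_lo, a_hi), (b_lo, b_hi) = host_range(a), host_range(b)
    return a_lo <= b_hi and b_lo <= a_hi


if __name__ == "__main__":
    for m in (0, 1, max_machines() - 1):
        print(m, host_range(m), uid_map(m))
```

Container UIDs outside the two rows (for example 2046 through 65533) have no host counterpart, so `to_host` returns `None` for them.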

