[systemd-devel] systemd-nspawn create container under unprivileged user
Vasiliy Tolstov
v.tolstov at selfip.ru
Thu Feb 5 03:48:46 PST 2015
2015-02-05 12:44 GMT+03:00 Alban Crequy <alban.crequy at gmail.com>:
> Manual page namespaces(7):
>
> Creation of new namespaces using clone(2) and unshare(2) in most cases
> requires the CAP_SYS_ADMIN capability. User namespaces are the
> exception: since Linux 3.8, no privilege is required to create a user
> namespace.
>
So as I understand, I can't create a full-featured container with network
under a non-root user (and not have cap_sys_admin).
--
Vasiliy Tolstov,
e-mail: v.tolstov at selfip.ru
jabber: vase at selfip.ru