[systemd-devel] containers again

Richard Maw richard.maw at codethink.co.uk
Tue Sep 8 07:22:25 PDT 2015


On Tue, Sep 08, 2015 at 04:14:58PM +0200, MichaƂ Zegan wrote:
> Hello.
> 
> Before you stated that containers are not a security feature right
> now. It is required to manually shift uids/gids on images etc.

Yes.

Also, if you uid-shift the container's root directory, using `--private-users`
without specifying a uid-shift works by inspecting the uid-shift of the
file-system, assuming that each container is allocated the lower 16-bits of the
UID field, and the upper 16-bits being a container ID.


More information about the systemd-devel mailing list