[systemd-devel] containers again
Richard Maw
richard.maw at codethink.co.uk
Tue Sep 8 07:22:25 PDT 2015
On Tue, Sep 08, 2015 at 04:14:58PM +0200, Michał Zegan wrote:
> Hello.
>
> Before you stated that containers are not a security feature right
> now. It is required to manually shift uids/gids on images etc.
Yes.
Also, if you uid-shift the container's root directory, using `--private-users`
without specifying a uid-shift works by inspecting the uid-shift of the
file-system, assuming that each container is allocated the lower 16 bits of the
UID field, and the upper 16 bits being a container ID.
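
The UID layout described in this message, as an added example that is not part of the original post or of systemd's code: it infers the shift from the owner of the container's root directory and lists files whose ownership falls outside that container's 2^16 range. The function names and the sample paths and UIDs are constructed for illustration.

```python
import os

RANGE = 1 << 16  # per the message: each container owns the lower 16 bits


def split_uid(host_uid):
    """Split a host UID into (container ID, UID as seen inside the container)."""
    return host_uid >> 16, host_uid & 0xFFFF


def infer_shift(root_uid, root_gid):
    """Infer the shift from the root directory's owner (upper 16 bits)."""
    uid_base = (root_uid >> 16) << 16
    gid_base = (root_gid >> 16) << 16
    if uid_base != gid_base:
        raise ValueError("UID and GID of the root directory imply different shifts")
    return uid_base


def audit(entries, shift):
    """Return paths whose UID or GID lies outside [shift, shift + 2^16)."""
    def inside(n):
        return shift <= n < shift + RANGE
    return [path for path, uid, gid in entries if not (inside(uid) and inside(gid))]


def walk_owners(root):
    """Yield (path, uid, gid) for root and everything below it (no symlink following)."""
    st = os.lstat(root)
    yield root, st.st_uid, st.st_gid
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            yield path, st.st_uid, st.st_gid


# Constructed sample: an image shifted to container ID 5, with two stray files.
SAMPLE = [
    ("/var/lib/machines/demo", 0x00050000, 0x00050000),
    ("/var/lib/machines/demo/etc/shadow", 0x00050000, 0x0005002A),
    ("/var/lib/machines/demo/usr/bin/tool", 0, 0),                 # never shifted: host root
    ("/var/lib/machines/demo/home/u", 0x000603E8, 0x000603E8),     # container ID 6's range
]

if __name__ == "__main__":
    shift = infer_shift(SAMPLE[0][1], SAMPLE[0][2])
    print(hex(shift), audit(SAMPLE, shift))
```

To check a real image, pass `walk_owners(path)` to `audit()` in place of `SAMPLE`.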