[systemd-devel] Does systemd-nspawn support running systemd in a user namespace
Lennart Poettering
lennart at poettering.net
Wed Jan 4 20:29:17 UTC 2017
On Wed, 04.01.17 14:35, Daniel J Walsh (dwalsh at redhat.com) wrote:
> We are seeing issues attempting to do this with docker/runc. Basic
> problem is /sys/fs/cgroup/systemd is owned by real root. Is there
> something we need to change in runc, to make this directory owned by
> UserNamespace-Root?
"systemd-nspawn -U" implements user namespaces, and systemd runs fine
inside of it, so yes, we support that.
Well, unless I am mistaken a user namespace root will not have the
privileges to mount cgroupfs, hence yes, your container manager of
choice needs to pre-mount it correctly, and then change the perms of
it to match the user namespace root.
Lennart
--
Lennart Poettering, Red Hat
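The ownership requirement Lennart describes can be verified from the host side: the pre-mounted cgroup directory must be owned by the host uid/gid that the container's user-namespace root maps to, not by real root. The following is an added example written for this thread, not code from systemd, runc or docker; it parses the `/proc/<pid>/uid_map` and `gid_map` format documented in proc(5), with a constructed sample mapping and a hypothetical cgroup path and pid in the usage stub.

```python
import os

# Constructed sample of /proc/<pid>/uid_map for a container whose root is
# mapped to host uid 100000 (format per proc(5): inside outside count).
SAMPLE_UID_MAP = "         0     100000      65536\n"


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, outside, count) triples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # ignore blank or malformed lines
        inside, outside, count = (int(f) for f in fields)
        ranges.append((inside, outside, count))
    return ranges


def map_to_host(ranges, ns_id):
    """Translate an id seen inside the namespace to the host id (None if unmapped)."""
    for inside, outside, count in ranges:
        if inside <= ns_id < inside + count:
            return outside + (ns_id - inside)
    return None


def owner_matches_ns_root(host_uid, host_gid, uid_map_text, gid_map_text):
    """True if a host-side owner (uid, gid) equals what the namespace's root maps to."""
    want_uid = map_to_host(parse_id_map(uid_map_text), 0)
    want_gid = map_to_host(parse_id_map(gid_map_text), 0)
    return want_uid is not None and (host_uid, host_gid) == (want_uid, want_gid)


def check_cgroup_dir(path, container_pid):
    """Stat a pre-mounted cgroup directory on the host and compare its owner with
    the container root's mapping read from /proc/<pid>/{uid,gid}_map."""
    st = os.stat(path)
    with open(f"/proc/{container_pid}/uid_map") as f:
        uid_map = f.read()
    with open(f"/proc/{container_pid}/gid_map") as f:
        gid_map = f.read()
    return owner_matches_ns_root(st.st_uid, st.st_gid, uid_map, gid_map)


if __name__ == "__main__":
    # Host-side usage with a hypothetical cgroup path and container pid:
    # print(check_cgroup_dir("/sys/fs/cgroup/systemd/machine.slice/payload", 12345))
    ranges = parse_id_map(SAMPLE_UID_MAP)
    print("container root is host uid", map_to_host(ranges, 0))
```

A directory still owned by uid 0 on the host fails this check, which is exactly the symptom reported in the quoted question.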