Create "rootless" namespace when running under root? #28158
deliciouslytyped started this conversation in General
AFAIK we check for CAP_SYS_ADMIN in order to create the rootless userns, so if you drop all caps it may just work. Though I guess overall there is a fair amount of confusion in the code between checks for uid == 0 and if we use reexec userns mode, so you are likely to find many weird behaviours, so I would recommend against it.
Looking at #13941, and at the output of lsns not showing any new user namespaces (though I didn't look very hard), apparently podman does not create a rootless namespace when running as root. Is there a way to do this or would that need a feature request? (running similar to "rootless" mode as root.)
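The thread turns on three separate properties of a process: whether its uid is 0, whether it holds CAP_SYS_ADMIN, and whether it sits in a new user namespace. The following added example (not Podman code and not written by either poster) reports them from `/proc` text; the sample strings are constructed, and it makes no claim about which checks Podman itself performs.

```python
# Added example: report uid, CAP_SYS_ADMIN and uid mapping from /proc text.
CAP_SYS_ADMIN = 21                    # bit number from linux/capability.h
IDENTITY_MAP = (0, 0, 4294967295)     # uid_map row seen in the initial user namespace

def parse_status(status_text):
    """Return (effective_uid, effective_capability_mask) from /proc/<pid>/status."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    euid = int(fields["Uid"][1])            # Uid: real, effective, saved, fs
    cap_eff = int(fields["CapEff"][0], 16)  # hex bitmask
    return euid, cap_eff

def has_cap(mask, cap):
    return bool((mask >> cap) & 1)

def uid_map_is_identity(uid_map_text):
    """True when uid_map is the single full identity row.
    A namespace created by real root can carry the same row, so to be certain
    compare /proc/<pid>/ns/user inodes, which is what lsns lists."""
    rows = [tuple(int(x) for x in l.split())
            for l in uid_map_text.splitlines() if l.strip()]
    return rows == [IDENTITY_MAP]

def describe(status_text, uid_map_text):
    euid, cap_eff = parse_status(status_text)
    return {
        "euid_is_zero": euid == 0,
        "cap_sys_admin": has_cap(cap_eff, CAP_SYS_ADMIN),
        "identity_uid_map": uid_map_is_identity(uid_map_text),
    }

# Constructed samples (not captured from a real host).
ROOT_FULL_CAPS = "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
ROOT_NO_CAPS = "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n"
HOST_MAP = "         0          0 4294967295\n"
ROOTLESS_MAP = "         0       1000          1\n         1     100000      65536\n"

if __name__ == "__main__":
    try:  # live values on Linux, constructed sample elsewhere
        with open("/proc/self/status") as s, open("/proc/self/uid_map") as m:
            print(describe(s.read(), m.read()))
    except OSError:
        print(describe(ROOT_NO_CAPS, HOST_MAP))
```

uid 0 appears in `/proc/<pid>/status` both for real root and for the mapped root inside a user namespace, which is why the uid alone cannot tell the two apart.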