Merge pull request #37253 from kinvolk/rata/userns

k8s-ci-robot · web-flow · commit cdfab27ffc80 · 2022-11-02T20:17:35.000-07:00
content: Clarify how to verify user abstraction
diff --git a/content/en/docs/concepts/workloads/pods/user-namespaces.md b/content/en/docs/concepts/workloads/pods/user-namespaces.md
@@ -90,9 +90,9 @@ This means containers can run as root and be mapped to a non-root user on the
 host. Inside the container the process will think it is running as root (and
 therefore tools like `apt`, `yum`, etc. work fine), while in reality the process
 doesn't have privileges on the host. You can verify this, for example, if you
-check the user the container process is running `ps` from the host. The user
-`ps` shows is not the same as the user you see if you execute inside the
-container the command `id`.
+check which user the container process is running by executing `ps aux` from
+the host. The user `ps` shows is not the same as the user you see if you
+execute inside the container the command `id`.
 
 This abstraction limits what can happen, for example, if the container manages
 to escape to the host. Given that the container is running as a non-privileged
