You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
config-linux: Make "don't modify filesystem permissions" generic
The user-namespace restriction isn't about the root filesystem in
particular. For example, if you bind mount in a second filesystem,
the runtime shouldn't adjust ownership on that filesystem either.
I've also adjusted the old "permissions" to "ownership", since that
more clearly reflects the fields (user and group) that you would
modify if you wanted to adjust for user namespacing.
Signed-off-by: W. Trevor King <[email protected]>
Copy file name to clipboardExpand all lines: config-linux.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -88,7 +88,7 @@ Also, when a path is specified, a runtime MUST assume that the setup for that pa
88
88
```
89
89
90
90
uid/gid mappings describe the user namespace mappings from the host to the container.
91
-
The mappings represent how the bundle `rootfs` expects the user namespace to be setup and the runtime SHOULD NOT modify the permissions on the rootfs to realize the mapping.
91
+
The runtime SHOULD NOT modify the ownership of referenced filesystems to realize the mapping.
92
92
*hostID* is the starting uid/gid on the host to be mapped to *containerID* which is the starting uid/gid in the container and *size* refers to the number of ids to be mapped.
93
93
There is a limit of 5 mappings which is the Linux kernel hard limit.
0 commit comments