Re: lxc and subuid
From: Ludovic Courtès
Subject: Re: lxc and subuid
Date: Tue, 05 Apr 2022 13:53:41 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
Hi!
Maxime Devos <maximedevos@telenet.be> wrote:
> Ludovic Courtès wrote on Fri 01-04-2022 at 10:12 [+0200]:
>> Or we could unconditionally add 65536 subuids for each non-system user
>> account; that’s what other distros seem to be doing.
>>
>> I think we could take advantage of it for ‘guix system container’: it
>> could run in an unprivileged user namespace and map several UIDs in that
>> namespace, such that it doesn’t need to run as root anymore.
>
> I think it will need to be conditional, because the container only has
> access to 65536 uids. So if the container contains at least one non-
> system user, then all available uids are occupied so there is no room
> anymore for 'root' or per-service users ...
True; we could special-case that in ‘containerized-operating-system’.
But for bare-metal deployments, making that unconditional seems
reasonable to me.
Thanks,
Ludo’.
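To make the UID-budget argument above concrete, here is a small model of /etc/subuid allocation and of the nested-container case Maxime raises. This is an added example, not code from the thread or from Guix; it assumes 65536 subordinate IDs per non-system user, UIDs below 1000 as system accounts, and ranges starting at 100000, and its container_fits helper with the allocate_subuids switch stands in for the "special-case it in containerized-operating-system" idea.

```python
# Added example (not from the thread or Guix): model /etc/subuid allocation
# and check whether a container's users fit in the host's subordinate range.
SUBUID_COUNT = 65536      # subordinate IDs handed to each non-system user (thread)
SYSTEM_UID_MAX = 999      # assumption: UIDs below 1000 are system accounts
FIRST_SUBUID = 100000     # assumption: where the first host range starts


def parse_subuid(text):
    """Parse /etc/subuid lines of the form ``user:start:count``."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, start, count = line.split(":")
        ranges.append((user, int(start), int(count)))
    return ranges


def allocate_subuid(ranges, user):
    """Unconditional scheme: give `user` the next SUBUID_COUNT IDs past the
    highest existing range (or FIRST_SUBUID when the file is empty)."""
    end = max((start + count for _, start, count in ranges), default=FIRST_SUBUID)
    return (user, max(end, FIRST_SUBUID), SUBUID_COUNT)


def uids_required(container_uids, allocate_subuids=True):
    """UIDs a container needs: one past its highest UID, plus a SUBUID_COUNT
    block for every non-system user if the container also allocates
    subordinate ranges unconditionally (the case Maxime warns about)."""
    highest = max(container_uids) + 1
    extra = 0
    if allocate_subuids:
        extra = SUBUID_COUNT * sum(1 for u in container_uids if u > SYSTEM_UID_MAX)
    return highest + extra


def container_fits(host_count, container_uids, allocate_subuids=True):
    """True if the container's UID demand fits in the host's mapped range."""
    return uids_required(container_uids, allocate_subuids) <= host_count


if __name__ == "__main__":
    # Constructed sample: root, one per-service user, one regular user.
    users = [0, 999, 1000]
    print(container_fits(SUBUID_COUNT, users))                          # False
    print(container_fits(SUBUID_COUNT, users, allocate_subuids=False))  # True
```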