Difference between revisions of "Talk:LXD/What are subuids and subgids?"

From Funtoo

Latest revision as of 08:15, June 6, 2021

The content of this article is attached to LXD by misunderstanding. Actually, when you set up an LXC container, all of the same is applicable. And lxc is a separate ebuild - http://gpo.zugaina.org/app-emulation/lxc

== Nesting ==

Nesting is not mentioned:

«User namespaces can also be nested but the nested namespace can only map ids that exist in its parent, so you can only reduce but not expand the id space by nesting.»

== man user_namespaces ==

subuids and subgids are mentioned in https://man7.org/linux/man-pages/man7/user_namespaces.7.html

== Docker ==

The Docker daemon has a special key, which is in the manpage:

   --userns-remap=default|uid:gid|user:group|user|uid
     Enable user namespaces for containers on the daemon. Specifying "default"
     will cause a new user and group to be created to handle UID and GID range
     remapping for the user namespace mappings used for contained processes.
     Specifying a user (or uid) and optionally a group (or gid) will cause the
     daemon to lookup the user and group's subordinate ID ranges for use as the
     user namespace mappings for contained processes.
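
The nesting rule quoted above can be checked mechanically. The following is an added example, not part of the original talk page comment or of LXC/LXD/Docker: it takes a parent and a nested map in the uid_map format from user_namespaces(7) and reports which parent IDs the nested map asks for but the parent does not have. The function names and all map values are constructed for illustration, and the parent is assumed to be a first-level namespace whose outside IDs are host IDs.

```python
# Added example. uid_map lines follow user_namespaces(7):
#   <first ID inside ns> <first ID in parent ns> <count>
# All map contents below are constructed sample values.
PARENT_MAP = "0 100000 65536"   # first-level namespace (assumed): parent is the host
CHILD_OK = "0 1000 1000"        # nested: uses parent-namespace IDs 1000..1999
CHILD_TOO_WIDE = "0 0 70000"    # nested: asks for parent-namespace IDs 0..69999

def parse_map(text):
    """Parse uid_map/gid_map text into (inside, outside, count) tuples."""
    entries = []
    for line in text.strip().splitlines():
        inside, outside, count = (int(field) for field in line.split())
        if count <= 0:
            raise ValueError(f"bad count in {line!r}")
        entries.append((inside, outside, count))
    return entries

def unmapped_in_parent(parent_map, child_map):
    """Ranges [start, end) of parent-ns IDs the child map needs but the parent lacks."""
    # IDs that exist inside the parent namespace are the "inside" ranges of its map.
    have = sorted((inside, inside + count) for inside, _, count in parent_map)
    missing = []
    for _, outside, count in child_map:
        pos, end = outside, outside + count
        for lo, hi in have:
            if hi <= pos:
                continue            # parent range lies entirely below what we need
            if lo >= end:
                break               # parent range lies entirely above what we need
            if lo > pos:
                missing.append((pos, lo))   # hole before this parent range
            pos = hi
        if pos < end:
            missing.append((pos, end))      # tail beyond the last parent range
    return missing

def to_host(parent_map, child_map, child_id):
    """Translate an ID in the nested namespace to a host ID, or None if unmapped."""
    def up(entries, ident):
        for inside, outside, count in entries:
            if inside <= ident < inside + count:
                return outside + (ident - inside)
        return None
    mid = up(child_map, child_id)
    return None if mid is None else up(parent_map, mid)

if __name__ == "__main__":
    parent = parse_map(PARENT_MAP)
    for name, text in (("ok", CHILD_OK), ("too wide", CHILD_TOO_WIDE)):
        print(name, unmapped_in_parent(parent, parse_map(text)))
```

An empty result means the nested map only reduces the ID space; any reported range is one the nested namespace cannot map because those IDs do not exist in its parent.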