[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lxc and subuid
From: |
Maxime Devos |
Subject: |
Re: lxc and subuid |
Date: |
Sat, 02 Apr 2022 15:52:11 +0200 |
User-agent: |
Evolution 3.38.3-1 |
Ludovic Courtès schreef op vr 01-04-2022 om 10:12 [+0200]:
> Or we could unconditionally add 65536 subuids for each non-system user
> account; that’s what other distros seem to be doing.
>
> I think we could take advantage of it for ‘guix system container’: it
> could run in an unprivileged user namespace and map several UIDs in that
> namespace, such that it doesn’t need to run as root anymore.
I think it will need to be conditional, because the container only has
access to 65536 uids. So if the container contains at least one non-
system user, then all available uids are occupied so there is no room
anymore for 'root' or per-service users ...
Greetings,
Maxime.
signature.asc
Description: This is a digitally signed message part