User namespace as you would expect it to work. (Container Isolation)
does not work yet. User Namespace can be used with docker-1.10, but
only for protecting the host from the container. All containers would
run with the same "DockerRoot".
We are working on the ability to run each container with its own range
of UIDs, but this is a long way from being accepted in upstream docker.
On 05/18/2016 02:46 PM, Hardy Ferentschik wrote:
Hi,
On Wed, 18-May-2016 07:10, Clayton Coleman wrote:
It was a deliberate choice, predicated on other changes coming to
Docker (user namespaces) plus the desire to ensure demos run.
Ultimately, the CDK is a playground. Putting up chain link fences
around the playground sends the wrong message.
I'd prefer to have it easier to go between the levels in the short
term than to ratchet it back.
+1 to all the above.
My understanding was anyways that in with the upcoming user namespaces
things would change and the problem would "go away". Where do things
stand regarding this feature?
--Hardy
_______________________________________________
Container-tools mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/container-tools
_______________________________________________
Container-tools mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/container-tools
