Re: [systemd-devel] containers again

2015-09-08 Thread Richard Maw
On Tue, Sep 08, 2015 at 04:14:58PM +0200, Michał Zegan wrote:
> Hello.
> 
> Before you stated that containers are not a security feature right
> now. It is required to manually shift uids/gids on images etc.

Yes.

Also, if you uid-shift the container's root directory, using `--private-users`
without specifying a uid-shift works by inspecting the uid-shift of the
file-system, assuming that each container is allocated the lower 16-bits of the
UID field, and the upper 16-bits being a container ID.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
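
An added example, not part of the original thread and not systemd's code: a small audit of a manually uid-shifted tree, using the split described in the reply above (upper 16 bits as container ID, lower 16 bits as the ID inside the container). `Entry`, `detect_shift`, `inner_id`, `audit` and the sample ownership values are hypothetical, and the requirement that the UID and GID bases agree is an assumption of this sketch.

```python
from collections import namedtuple

BASE_MASK = 0xFFFF0000  # upper 16 bits: container ID
ID_MASK = 0x0000FFFF    # lower 16 bits: UID/GID as seen inside the container

Entry = namedtuple("Entry", "path uid gid")

# Constructed sample: ownership as a stat() walk of a shifted tree might report it.
SAMPLE = [
    Entry("/", 0x120000, 0x120000),                # root dir: container root
    Entry("/etc/passwd", 0x120000, 0x120000),
    Entry("/home/app", 0x120000 + 1000, 0x120000 + 1000),
    Entry("/usr/bin/sudo", 0, 0),                  # missed by the manual shift
    Entry("/srv/data", 0x130000 + 33, 0x120000 + 33),  # uid from another range
]


def detect_shift(root):
    """Derive the shift from the owner of the container's root directory."""
    uid_base, gid_base = root.uid & BASE_MASK, root.gid & BASE_MASK
    if uid_base != gid_base:
        # Assumption of this example: UID and GID shifts must agree.
        raise ValueError(f"uid base {uid_base:#x} != gid base {gid_base:#x}")
    return uid_base


def inner_id(host_id, shift):
    """Translate an on-disk ID to the ID seen inside, or None if unmapped."""
    return host_id & ID_MASK if host_id & BASE_MASK == shift else None


def audit(entries):
    """Return (shift, findings); findings are IDs outside the container's range."""
    shift = detect_shift(entries[0])
    findings = [
        (e.path, kind, ident)
        for e in entries
        for kind, ident in (("uid", e.uid), ("gid", e.gid))
        if inner_id(ident, shift) is None
    ]
    return shift, findings


if __name__ == "__main__":
    shift, findings = audit(SAMPLE)
    print(f"shift={shift} (container ID {shift >> 16:#x})")
    for path, kind, ident in findings:
        print(f"outside range: {path} {kind}={ident}")
```

Entries reported here are files the manual shift missed or that belong to a different container's range, which is the state to look for before relying on an auto-detected shift.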


[systemd-devel] containers again

2015-09-08 Thread Michał Zegan

Hello.

Before you stated that containers are not a security feature right now. 
It is required to manually shift uids/gids on images etc.
What are other known problems with containers that use ALL namespaces? 
Like if not counting the problem of uid allocation and manual shifting 
of them.
