The kernel in the container will run as user 10, and the user with ID 1000
inside will run under that kernel. So since the kernel has permission to access
the root filesystem, the 1000/101000 user does not need separate permission. At
least as I understand it.
Neil
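The two things the thread turns on are (a) the arithmetic of the uid map, which is why a container uid of 1000 shows up as a host uid of "base + 1000", and (b) whether the host uid that container root maps to has search (x) permission on every directory between / and the rootfs. The following is an added example, not code from this thread or from LXC; it uses a constructed map `0 200000 65536` (chosen to be obviously different from the one in the messages, whose digits are truncated in the archive) and a DAC-only traversal check built on `os.stat`, ignoring ACLs and capabilities other than host root.

```python
import os
import tempfile
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample map in the /proc/<pid>/uid_map format:
#   <first id inside the namespace> <first id on the host> <count>
# This is NOT the map from the mailing-list messages.
SAMPLE_UID_MAP = "0 200000 65536"


@dataclass(frozen=True)
class IdRange:
    cstart: int  # first id inside the container
    hstart: int  # first id on the host
    count: int


def parse_idmap(text: str) -> List[IdRange]:
    """Parse one or more 'cstart hstart count' lines; blank and '#' lines are skipped."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"malformed idmap line: {line!r}")
        cstart, hstart, count = (int(p) for p in parts)
        if count <= 0 or cstart < 0 or hstart < 0:
            raise ValueError(f"invalid idmap range: {line!r}")
        ranges.append(IdRange(cstart, hstart, count))
    return ranges


def container_to_host(ranges: Sequence[IdRange], cid: int) -> Optional[int]:
    """Host uid that container uid `cid` is backed by, or None if unmapped."""
    for r in ranges:
        if r.cstart <= cid < r.cstart + r.count:
            return r.hstart + (cid - r.cstart)
    return None


def host_to_container(ranges: Sequence[IdRange], hid: int) -> Optional[int]:
    """Container uid for host uid `hid`; None means it appears as the overflow id (nobody) inside."""
    for r in ranges:
        if r.hstart <= hid < r.hstart + r.count:
            return r.cstart + (hid - r.hstart)
    return None


def _components(path: str, stop_at: Optional[str] = None) -> List[str]:
    """Directories from `stop_at` (or /) down to `path`, inclusive."""
    cur = os.path.abspath(path)
    stop = os.path.abspath(stop_at) if stop_at else None
    comps = []
    while True:
        comps.append(cur)
        parent = os.path.dirname(cur)
        if cur == stop or parent == cur:
            break
        cur = parent
    return list(reversed(comps))


def can_traverse(path: str, uid: int, gid: int, groups: Sequence[int] = (),
                 stop_at: Optional[str] = None) -> bool:
    """True if a process with these HOST credentials has search (x) permission
    on every directory component of `path`. Classic mode bits only: no ACLs,
    no CAP_DAC_READ_SEARCH except for host uid 0."""
    if uid == 0:
        return True
    for d in _components(path, stop_at):
        st = os.stat(d)
        if uid == st.st_uid:
            bit = 0o100
        elif gid == st.st_gid or st.st_gid in groups:
            bit = 0o010
        else:
            bit = 0o001
        if not st.st_mode & bit:
            return False
    return True


def traversal_demo() -> dict:
    """Build a throwaway tree <tmp>/rootfs and check it as the host uid that
    container root maps to, first with the parent at 0700, then at 0711."""
    ranges = parse_idmap(SAMPLE_UID_MAP)
    host_root = container_to_host(ranges, 0)
    parent = tempfile.mkdtemp()
    rootfs = os.path.join(parent, "rootfs")
    os.mkdir(rootfs)
    os.chmod(rootfs, 0o755)
    os.chmod(parent, 0o700)
    closed = can_traverse(rootfs, host_root, host_root, stop_at=parent)
    os.chmod(parent, 0o711)
    opened = can_traverse(rootfs, host_root, host_root, stop_at=parent)
    return {"host_root": host_root, "parent_0700": closed, "parent_0711": opened}


if __name__ == "__main__":
    rs = parse_idmap(SAMPLE_UID_MAP)
    print("container 1000 ->", container_to_host(rs, 1000))
    print(traversal_demo())
```

The `stop_at` parameter lets the check start at a chosen directory rather than at /, which is what the demo uses so that the result does not depend on the modes of the temp directory's ancestors; for a real rootfs you would leave it unset and examine the whole path from /.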
On 4 May 2015 04:14:19 B
Quoting Brian Allen Vanderburg II (brianvanderbu...@aim.com):
> I'm attempting to understand why something works which seems like it
> shouldn't.
>
> I have an unprivileged container with a uid map of 0 10 65536. In
> order for the container to run, the root user of that container must be
> a
I'm attempting to understand why something works which seems like it
shouldn't.
I have an unprivileged container with a uid map of 0 10 65536. In
order for the container to run, the root user of that container must be
able to traverse to the rootfs. In order to be more secure, I set my
home