On Thu, 05.02.15 02:03, Vasiliy Tolstov (v.tols...@selfip.ru) wrote:

> Hello!
> Is it possible to create a container as a regular user? Or what capabilities
> do I need to add to create a container without using root?

Invoking containers without privileges is not supported by nspawn, and this is unlikely to change, as I fail to see any strong use case for this... If somebody can enlighten me about the use case for allowing containers to be run by unprivileged users, I'd be willing to change my mind though...

Note that to my knowledge any support for unprivileged containers has been disabled in the kernel on many distros though, including Fedora's, since it's basically one giant security hole.

Note that many of machinectl's commands involve polkit checks, which means it's easy to open them up for unprivileged clients. However, in that case the containers would be forked off and maintained privileged, only the clients will be unprivileged...

LXC supports unprivileged containers though, this might be an option for you.

Lennart

--
Lennart Poettering, Red Hat