So I think we might be able to handle this smarter so that users can actually
use the full 5 id map ranges. In order to correctly operate on files on the
host that we want to chown to the container root user, we need only two mappings.
So let's say you want to chown a file to belong to 1000:165536 where the 1000
is your uid on the host and 166536 is the gid of the container root as seen
from the host. In order to run a function that executes chown you need:
- a mapping of 65536 (in our example) onto {u,g}id 1000 in a new user namespace
- a mapping of 0 onto 165536 in a new user namespace
Other mappings are not needed. So we can remove the other mappings when
executing a function in a new user namespace. The patch for that is somewhat
intricate but I'll whip it up soon.
** Changed in: lxd (Ubuntu)
Assignee: (unassigned) => Christian Brauner (cbrauner)
https://bugs.launchpad.net/bugs/1692111
Title:
Unable to configure raw.id_map with multiple entries
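Added example, not part of the original comment and not LXD or LXC code: a sketch of the two-entry map described above, using the comment's ids (host id 1000, container root 165536 on the host, namespace id 65536 for the caller), and of how a host-side target such as 1000:165536 translates into the ids passed to chown inside the new user namespace. The type and function names are hypothetical.

```go
package main

import "fmt"

// IDMapEntry is one line of /proc/<pid>/uid_map or gid_map:
// "<id inside namespace> <id on host> <count>".
type IDMapEntry struct{ NSID, HostID, Count int64 }

func (e IDMapEntry) String() string { return fmt.Sprintf("%d %d %d", e.NSID, e.HostID, e.Count) }

// MinimalChownMap (hypothetical helper) builds the two single-id entries from
// the comment: 0 -> container root on the host, callerNSID -> the caller.
func MinimalChownMap(rootHostID, callerHostID, callerNSID int64) ([]IDMapEntry, error) {
	if callerNSID <= 0 {
		return nil, fmt.Errorf("caller namespace id %d collides with root or is negative", callerNSID)
	}
	m := []IDMapEntry{{0, rootHostID, 1}}
	if callerHostID != rootHostID { // the kernel rejects overlapping host ranges
		m = append(m, IDMapEntry{callerNSID, callerHostID, 1})
	}
	return m, nil
}

// ToNS translates a host id into the namespace; ok is false when unmapped.
func ToNS(m []IDMapEntry, hostID int64) (nsID int64, ok bool) {
	for _, e := range m {
		if hostID >= e.HostID && hostID < e.HostID+e.Count {
			return e.NSID + (hostID - e.HostID), true
		}
	}
	return 0, false
}

// ChownArgs returns the uid/gid to pass to chown inside the namespace so the file
// ends up as hostUID:hostGID on the host. The kernel fails unmapped ids with EINVAL.
func ChownArgs(uidMap, gidMap []IDMapEntry, hostUID, hostGID int64) (int64, int64, error) {
	u, okU := ToNS(uidMap, hostUID)
	g, okG := ToNS(gidMap, hostGID)
	if !okU || !okG {
		return 0, 0, fmt.Errorf("%d:%d is not mapped in the namespace", hostUID, hostGID)
	}
	return u, g, nil
}

func main() {
	m, _ := MinimalChownMap(165536, 1000, 65536) // ids from the comment's example
	u, g, err := ChownArgs(m, m, 1000, 165536)
	fmt.Println(m, u, g, err)
}
```

Any host id outside the two entries, for example another user's uid, has no translation in this namespace, which is why the reduced map is enough for the chown and grants nothing beyond it.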