Bug 82075

Summary: RFE: systemd-nspawn: user namespaces
Product: systemd
Reporter: Jonathan Liu <net147>
Component: general
Assignee: systemd-bugs
Status: RESOLVED FIXED
QA Contact: systemd-bugs
Severity: enhancement    
Priority: medium    
Version: unspecified   
Hardware: All   
OS: All   

Description Jonathan Liu 2014-08-03 00:35:48 UTC
If you run the "top" command on the host system, you will see processes from inside systemd-nspawn containers.

Suppose that the host system has UID 1001 mapped to bob and the systemd-nspawn container has UID 1001 mapped to joe. If the systemd-nspawn container has a process started by "joe", the host system will see this process as being started by "bob".

Ideally, it would be useful to map UID/GID ranges inside the container to non-conflicting UID/GID ranges on the host to avoid this issue.
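The collision described in this report, and the remapping it asks for, follow directly from the kernel's /proc/<pid>/uid_map format: each line is an "inside outside count" triple, and a container UID u in a range is shown on the host as outside + (u - inside). The following is an added example (not code from systemd or from the reporter) that parses that format and translates UIDs in both directions. The two maps are constructed samples, not captured from a real host: the identity map reproduces the bob/joe collision, and the shifted map puts the container's 65536 UIDs at host offset 1048576 so joe's 1001 lands on an unused host UID. The overflow UID constant assumes the kernel default of 65534 (/proc/sys/kernel/overflowuid), which is what an unmapped host UID is displayed as from inside the namespace.

```python
"""Translate UIDs across a user-namespace boundary using the
/proc/<pid>/uid_map format: one "inside outside count" triple per line."""
from typing import List, Tuple

# Assumed kernel default for /proc/sys/kernel/overflowuid ("nobody").
OVERFLOW_UID = 65534

# Constructed sample maps (not captured from a real system).
# Identity map: container UID 1001 is host UID 1001, the situation the bug report describes.
IDENTITY_MAP = "         0          0 4294967295\n"
# A 65536-wide range shifted to host offset 1048576, the kind of layout the report asks for.
SHIFTED_MAP = "         0    1048576      65536\n"


def parse_uid_map(text: str) -> List[Tuple[int, int, int]]:
    """Parse uid_map text into (inside_start, outside_start, length) triples."""
    triples = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0:
            raise ValueError(f"non-positive range length in uid_map line: {line!r}")
        triples.append((inside, outside, length))
    return triples


def container_to_host(uid: int, uid_map: str) -> int:
    """UID the host sees for a process running as `uid` inside the container.

    A process inside the namespace can only hold a mapped UID, so an unmapped
    value here means the caller asked about an impossible container UID.
    """
    for inside, outside, length in parse_uid_map(uid_map):
        if inside <= uid < inside + length:
            return outside + (uid - inside)
    raise ValueError(f"uid {uid} is not mapped into this namespace")


def host_to_container(uid: int, uid_map: str) -> int:
    """UID the container sees for a host-owned object (e.g. a bind-mounted file).

    Host UIDs outside every mapped range have no representation inside the
    namespace and are shown as the overflow UID ("nobody"). This is why files
    owned by host root appear as nobody inside a shifted container.
    """
    for inside, outside, length in parse_uid_map(uid_map):
        if outside <= uid < outside + length:
            return inside + (uid - outside)
    return OVERFLOW_UID


def collides_with_host_user(container_uid: int, host_uid: int, uid_map: str) -> bool:
    """True when a container process would show up in `top` as the given host user."""
    return container_to_host(container_uid, uid_map) == host_uid


if __name__ == "__main__":
    joe, bob = 1001, 1001
    print("identity map: joe appears as host UID",
          container_to_host(joe, IDENTITY_MAP),
          "(collides with bob)" if collides_with_host_user(joe, bob, IDENTITY_MAP) else "")
    print("shifted map:  joe appears as host UID",
          container_to_host(joe, SHIFTED_MAP))
    print("shifted map:  host UID 1001 (bob) seen from inside the container as",
          host_to_container(bob, SHIFTED_MAP))
```

The same arithmetic applies to gid_map for group IDs. When checking a live container, read /proc/<container-pid>/uid_map from the host and feed its contents to these functions instead of the constructed samples.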
Comment 1 Lennart Poettering 2015-09-06 16:40:03 UTC
This has been implemented a while ago now. Closing.
