Bug 82075 - RFE: systemd-nspawn: user namespaces
Summary: RFE: systemd-nspawn: user namespaces
Status: RESOLVED FIXED
Alias: None
Product: systemd
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: All
OS: All
Importance: medium enhancement
Assignee: systemd-bugs
QA Contact: systemd-bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-03 00:35 UTC by Jonathan Liu
Modified: 2015-09-06 16:40 UTC (History)
CC: 0 users

See Also:



Description Jonathan Liu 2014-08-03 00:35:48 UTC
If you run the "top" command on the host system, you will see processes from inside systemd-nspawn containers.

Suppose that the host system has UID 1001 mapped to bob and the systemd-nspawn container has UID 1001 mapped to joe. If the systemd-nspawn container has a process started by "joe", the host system will see this process as being started by "bob".

Ideally, it would be useful to map UID/GID ranges inside the container to non-conflicting UID/GID ranges on the host to avoid this issue.
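As an added illustration of the mapping the report asks for (not part of the original report or of systemd's code), the following Python models how a user namespace's /proc/PID/uid_map translates container UIDs to host UIDs, and checks whether a mapping lands on real host accounts; the account tables and the shifted range are constructed sample values:

```python
"""Model a user-namespace uid_map: container UID -> host UID (added example, not systemd code)."""
from typing import List, Optional, Tuple

# Constructed sample accounts: UID 1001 is 'bob' on the host and 'joe' in the container.
HOST_PASSWD = {0: "root", 1000: "alice", 1001: "bob"}
CONTAINER_PASSWD = {0: "root", 1001: "joe"}

# /proc/PID/uid_map format: "<inside-uid> <outside-uid> <count>" per line.
IDENTITY_MAP = "0 0 4294967295\n"      # no user namespace: container UIDs == host UIDs
SHIFTED_MAP = "0 1878982656 65536\n"   # constructed 64K range away from host accounts

Mapping = List[Tuple[int, int, int]]


def parse_uid_map(text: str) -> Mapping:
    """Parse uid_map lines into (inside, outside, count) triples."""
    mapping = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError("count must be positive")
        mapping.append((inside, outside, count))
    return mapping


def container_to_host(uid: int, mapping: Mapping) -> Optional[int]:
    """Return the host UID a container UID is seen as, or None if the UID is not mapped."""
    for inside, outside, count in mapping:
        if inside <= uid < inside + count:
            return outside + (uid - inside)
    return None


def host_sees_owner(container_uid: int, uid_map: str) -> str:
    """Owner name 'top' on the host would print for a container process owned by container_uid."""
    host_uid = container_to_host(container_uid, parse_uid_map(uid_map))
    if host_uid is None:
        return "unmapped"
    return HOST_PASSWD.get(host_uid, str(host_uid))  # numeric UID when no host account exists


def map_collides_with_host_accounts(uid_map: str) -> bool:
    """True if any mapped host UID range overlaps a real host account (the bug's scenario)."""
    return any(
        outside <= uid < outside + count
        for _, outside, count in parse_uid_map(uid_map)
        for uid in HOST_PASSWD
    )
```

With the identity map, container joe's process shows up on the host as bob; with the shifted map it shows up as a bare numeric UID that belongs to no host account.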
Comment 1 Lennart Poettering 2015-09-06 16:40:03 UTC
This has been implemented a while ago now. Closing.

