Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support user namespace remapping #27945

Closed
therc opened this Issue Jun 23, 2016 · 9 comments

Comments

Projects
None yet
8 participants
@therc
Copy link
Contributor

commented Jun 23, 2016

This has been available since Docker 1.10. It doesn't really allow multi-tenancy yet, but it does provide greater host isolation.

@spzala

This comment has been minimized.

Copy link
Member

commented Aug 11, 2017

@therc hi, since it's been over a year of last discussion on this issue, a gentle touch base - is this still a valid feature request, or it can be closed? anything changed? Thanks!

@The-Loeki

This comment has been minimized.

Copy link

commented Nov 10, 2017

@spzala it is, but other issues track progress:

@spzala

This comment has been minimized.

Copy link
Member

commented Nov 10, 2017

@The-Loeki cool, thanks for providing those useful ref links!!

@adelton

This comment has been minimized.

Copy link
Contributor

commented Nov 14, 2017

The main problem with the setup seems to be pods' content in /var/lib/kubelet being owned by root (uid 0), and thus not accessible to the namespaced processes.

I've now filed #55707 as a possible way to make kubelet change ownership to the uid/gid matching the remapped uid, as configured in docker.

@fejta-bot

This comment has been minimized.

Copy link

commented Feb 12, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@adelton

This comment has been minimized.

Copy link
Contributor

commented Feb 14, 2018

/remove-lifecycle stale

@fejta-bot

This comment has been minimized.

Copy link

commented May 15, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@fejta-bot

This comment has been minimized.

Copy link

commented Jun 14, 2018

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

@fejta-bot

This comment has been minimized.

Copy link

commented Jul 14, 2018

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.