Tweak uid/gid map default configuration #12
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Use an allocation of 65536 uids and gids to allow for POSIX-compliant user owned namespaces. - Don't allocate a uid/gid map to system users. Unfortunately checking for --system isn't quite enough as some distribution wrappers always call useradd without --system and take care of choosing a uid and gid themselves, so also check whether the requested uid/gid is in the user range. This is taken from a patch I wrote for Ubuntu a couple years ago and which somehow didn't make it upstream. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
hallyn
added a commit
that referenced
this pull request
Feb 15, 2016
Tweak uid/gid map default configuration
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
user owned namespaces.
Unfortunately checking for --system isn't quite enough as some
distribution wrappers always call useradd without --system and take care
of choosing a uid and gid themselves, so also check whether the
requested uid/gid is in the user range.
This is taken from a patch I wrote for Ubuntu a couple years ago and
which somehow didn't make it upstream.
Signed-off-by: Stéphane Graber stgraber@ubuntu.com