[alpine-devel] uuns: Unprivileged user namespaces on hardened kernel

From: Steven McDonald <steven_at_steven-mcdonald.id.au>
Date: Mon, 22 May 2017 14:07:41 +0200

Hi there,

I've been playing around with unprivileged user namespaces on Alpine
and decided to write a simple tool to make them feasible (without
installing LXC) on Alpine's hardened kernel.

I've just pushed it to GitHub:

  https://github.com/stevenjm/uuns

It's essentially the same thing as "unshare --user", but the executable
has the file capabilities necessary to create user namespaces, and has
execution restricted to a "uuns" group. This provides an easy way for
the administrator to control permissions for creating unprivileged
namespaces; simply add users to the "uuns" group.

I'm interested in feedback. If this is something of interest to the
distribution, I'll try my hand at creating a package for it.

--
Steven
Received on Mon May 22 2017 - 14:07:41 GMT
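
The permission model described in the message (a helper carrying file capabilities, executable only by members of one group) can be audited with a check like the following. This is an added example, not part of the original message or of the uuns project; the root ownership default, the expected mode of 0750, and the function names are assumptions, and the demo runs on a constructed temporary file rather than the real binary.

```python
import os
import stat
import tempfile

CAP_XATTR = "security.capability"  # xattr in which Linux stores file capabilities


def has_file_caps(path):
    """True if the file carries a file-capabilities xattr."""
    try:
        return bool(os.getxattr(path, CAP_XATTR))
    except (OSError, AttributeError):  # no xattr, or platform lacks getxattr
        return False


def audit_helper(path, allowed_gid, owner_uid=0):
    """Return findings for a helper meant to be runnable only by one group."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != owner_uid:  # assumption: helper should be owned by root
        findings.append("unexpected owner uid %d" % st.st_uid)
    if st.st_gid != allowed_gid:
        findings.append("unexpected group gid %d" % st.st_gid)
    if mode & stat.S_IXOTH:
        findings.append("world-executable: group restriction has no effect")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other")
    if not mode & stat.S_IXGRP:
        findings.append("group cannot execute")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid/setgid bit set")
    return findings


def demo():
    """Audit a constructed stand-in file under two permission modes."""
    with tempfile.NamedTemporaryFile() as f:
        st = os.stat(f.name)
        results = {}
        for mode in (0o750, 0o755):
            os.chmod(f.name, mode)
            results[mode] = audit_helper(f.name, st.st_gid, owner_uid=st.st_uid)
        results["caps"] = has_file_caps(f.name)
        return results


if __name__ == "__main__":
    print(demo())
```

On a real system, pass the gid from `grp.getgrnam("uuns").gr_gid` and the installed path of the helper, and treat a `False` from `has_file_caps` as a sign the capabilities were stripped, for example by a copy or an upgrade.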