Mail archive
alpine-devel

Re: [alpine-devel] uuns: Unprivileged user namespaces on hardened kernel

From: 7heo <7heo_at_mail.com>
Date: Mon, 22 May 2017 13:19:59 +0000

I like its simplicity and default behavior to start a shell.

I am not very familiar with namespaces myself, but this looks like a good idea.

I'll try it when I have time.

Cheers,
Theo.

On Monday, May 22, 2017, Steven McDonald wrote:
> Hi there,
>
> I've been playing around with unprivileged user namespaces on Alpine
> and decided to write a simple tool to make them feasible (without
> installing LXC) on Alpine's hardened kernel.
>
> I've just pushed it to GitHub:
>
> https://github.com/stevenjm/uuns
>
> It's essentially the same thing as "unshare --user", but the executable
> has the file capabilities necessary to create user namespaces, and has
> execution restricted to a "uuns" group. This provides an easy way for
> the administrator to control permissions for creating unprivileged
> namespaces; simply add users to the "uuns" group.
>
> I'm interested in feedback. If this is something of interest to the
> distribution, I'll try my hand at creating a package for it.
>
> --
> Steven
Received on Mon May 22 2017 - 13:19:59 GMT
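
The access model described in the quoted announcement (a capability-bearing executable whose execution is restricted to one group) can be audited with a short check. This is an added example, not code from the uuns project: the function name `check_group_restricted` is hypothetical, it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox), and it uses `getcap` from libcap only when that tool is installed.

```shell
#!/bin/sh
# Added example (not from the uuns repository).
# Audit that a helper binary is executable only by members of one group.
# Usage: check_group_restricted PATH GROUP   (e.g. /path/to/uuns uuns)
# Returns 0 when the restriction holds, 1 otherwise; findings go to stderr.
check_group_restricted() {
    path=$1
    group=$2
    rc=0

    [ -f "$path" ] || { echo "$path: not a regular file" >&2; return 1; }

    # %G = owning group name, %a = permission bits in octal
    owner_group=$(stat -c %G "$path")
    mode=$(stat -c %a "$path")

    if [ "$owner_group" != "$group" ]; then
        echo "$path: group is '$owner_group', expected '$group'" >&2
        rc=1
    fi

    # Bits 1 (execute) and 2 (write) of the "other" class must both be clear,
    # otherwise users outside the group can run or replace the binary.
    if [ $((0$mode & 3)) -ne 0 ]; then
        echo "$path: mode $mode lets users outside '$group' execute or write it" >&2
        rc=1
    fi

    # Informational only: show the file capabilities when getcap is available.
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$path" 2>/dev/null || true)
        if [ -n "$caps" ]; then
            echo "file capabilities: $caps" >&2
        else
            echo "$path: no file capabilities reported" >&2
        fi
    fi

    return $rc
}
```

A mode such as 750 with the expected group passes; 755 fails because any local user could then run the binary with its file capabilities.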