Mail archive

Re: [alpine-devel] uuns: Unprivileged user namespaces on hardened kernel

From: 7heo <>
Date: Mon, 22 May 2017 13:19:59 +0000

I like its simplicity and default behavior to start a shell.

I am not very familiar with namespaces myself, but this looks like a good idea.

I'll try it when I have time.


On Monday, May 22, 2017, Steven McDonald wrote:
> Hi there,
> I've been playing around with unprivileged user namespaces on Alpine
> and decided to write a simple tool to make them feasible (without
> installing LXC) on Alpine's hardened kernel.
> I've just pushed it to GitHub:
> It's essentially the same thing as "unshare --user", but the executable
> has the file capabilities necessary to create user namespaces, and has
> execution restricted to a "uuns" group. This provides an easy way for
> the administrator to control permissions for creating unprivileged
> namespaces; simply add users to the "uuns" group.
> I'm interested in feedback. If this is something of interest to the
> distribution, I'll try my hand at creating a package for it.
> --
> Steven
> ---
> Unsubscribe:
> Help:
> ---
Received on Mon May 22 2017 - 13:19:59 GMT