On 3/29/2019 4:43 AM, paul gauret wrote:
> in my case doing everything with root.
>> Privileged containers work just fine.
We're missing kernel.unprivileged_userns_clone for whatever reason.
You have to enable that to run things as non-root (which I suspect
you're trying to do).
Spun up a VM to test: unprivileged containers are just fine as root, but
not as a user (in the latter case you get a segfault - likely because an
unprivileged user is trying to userns clone without having the right to :) )
I suppose the question now becomes "why are we missing that option".
In the interim, feel free to have root-owned unprivileged containers
(you can give root subuids just like everywhere else, and everything
ends up running as UID 100000 or whatever you use).
Received on Fri Mar 29 2019 - 13:21:21 UTC
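
The two conditions described in the message (the `kernel.unprivileged_userns_clone` knob and a subuid range for the owning user) can be checked before starting a container. This is an added example, not part of the original message or of any project's tooling; the function names, the `preflight` helper and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight for the two conditions discussed in the message.

# State of the sysctl the message names.
# $1 = sysctl directory (assumption: /proc/sys/kernel on a live system).
userns_clone_state() {
    f="${1:-/proc/sys/kernel}/unprivileged_userns_clone"
    if [ ! -e "$f" ]; then
        echo missing            # this kernel does not expose the knob
    elif [ "$(cat "$f")" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Print "start count" of a user's first subordinate-ID range.
# $1 = user name, $2 = file in /etc/subuid format (name:start:count).
subid_range() {
    awk -F: -v u="$1" '$1 == u { print $2, $3; found = 1; exit }
                       END { exit !found }' "$2"
}

# preflight UID USER SYSCTL_DIR SUBUID_FILE (hypothetical helper)
# Returns 0 = should start, 1 = will not start, 2 = cannot tell from the knob.
preflight() {
    if ! subid_range "$2" "$4" >/dev/null; then
        echo "fail: no subuid range for $2"; return 1
    fi
    if [ "$1" -eq 0 ]; then
        # Root does not need the unprivileged clone right (the VM test above).
        echo "ok: root-owned unprivileged container"; return 0
    fi
    case "$(userns_clone_state "$3")" in
        enabled)  echo "ok: unprivileged userns clone allowed" ;;
        disabled) echo "fail: kernel.unprivileged_userns_clone=0"; return 1 ;;
        *)        echo "unknown: knob absent on this kernel"; return 2 ;;
    esac
}
```

On a live host, call it as `preflight "$(id -u)" "$(id -un)" /proc/sys/kernel /etc/subuid`.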