Mail archive

[alpine-devel] uuns: Unprivileged user namespaces on hardened kernel

From: Steven McDonald <>
Date: Mon, 22 May 2017 14:07:41 +0200

Hi there,

I've been playing around with unprivileged user namespaces on Alpine
and decided to write a simple tool to make them feasible (without
installing LXC) on Alpine's hardened kernel.

I've just pushed it to GitHub:

It's essentially the same thing as "unshare --user", but the executable
has the file capabilities necessary to create user namespaces, and has
execution restricted to a "uuns" group. This provides an easy way for
the administrator to control permissions for creating unprivileged
namespaces; simply add users to the "uuns" group.

I'm interested in feedback. If this is something of interest to the
distribution, I'll try my hand at creating a package for it.

Received on Mon May 22 2017 - 14:07:41 UTC