cmd/create: Use the host's user namespace when running as root
One of the biggest advantages of running as root is the ability to have
all the UIDs from the host operating system mapped into the container
by using the host's user namespace.

This can be a big help when faced with permission problems.

#267
debarshiray committed Nov 3, 2020
1 parent 25b647d commit 09d2c46
Showing 1 changed file with 8 additions and 1 deletion.
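--- a/src/cmd/create.go
+++ b/src/cmd/create.go
@@ -227,6 +227,13 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 ulimitHost = []string{"--ulimit", "host"}
 }
 
+var usernsArg string
+if currentUser.Uid == "0" {
+usernsArg = "host"
+} else {
+usernsArg = "keep-id"
+}
+
 dbusSystemSocket, err := getDBusSystemSocket()
 if err != nil {
 return err
@@ -376,7 +383,7 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 createArgs = append(createArgs, ulimitHost...)
 
 createArgs = append(createArgs, []string{
-"--userns=keep-id",
+"--userns", usernsArg,
 "--user", "root:root",
 "--volume", "/boot:/run/host/boot:rslave",
 "--volume", "/etc:/run/host/etc",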
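Review bot: The root branch added in the first hunk (`usernsArg = "host"`) carries no comment recording that it gives up user-namespace isolation: with `--userns host` container UID 0 is host UID 0, while the argument list in the second hunk still passes `--user root:root` and bind-mounts the host's `/etc` without a read-only option. I would put a comment above the `if`, for example `// Running as root: use the host's user namespace so host UIDs map 1:1 into the container; container root is then real host root.` How `currentUser` is populated is outside the hunk, so it should be confirmed whether the `Uid == "0"` test reflects the real or the effective UID of the caller. createContainer begins and ends outside both hunks.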
