On Mon, 29.12.14 09:07, Matthias Urlichs (matth...@urlichs.de) wrote:

> > On Sun, Dec 28, 2014 at 6:18 PM, Stéphane Graber
> > <stephane.gra...@canonical.com> wrote:
> > > My host system doesn't have nspawn so I can't easily test it this way,
> > > but it was my understanding that nspawn didn't support user namespaces
> > > and uid/gid mappings which is what I'm working with here.
> >
> > Indeed, that is not supported by nspawn (which explains why I cannot
> > reproduce). I was able to reproduce using the userns_child_exec test
> > program from [0], so I'll take a look.
> >
> Hmm. IMHO it would be reasonable to add a mapping option
> ("--{user,group}map=inside:outside[:length]") to nspawn.

I am open to adding support for this, but I think the allocation of the UID ranges should really happen automatically, and not be something the admin has to manually assign. Which means we'd enter dynamic UID allocation territory, and that opens a huge can of worms...

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel