Fix multi mapping for rootless containers #381

Furisto · 2021-10-12T19:05:13Z

This enables multi mapping for rootless containers. You need something like this in your runtime spec:

"uidMappings": [
	{
		"containerID": 0,
		"hostID": 1000,
		"size": 1
	},
	{
		"containerID": 1,
		"hostID": 100000,
		"size": 65536
	}
],
"gidMappings": [
	{
		"containerID": 0,
		"hostID": 1000,
		"size": 1
	},
	{
		"containerID": 1,
		"hostID": 100000,
		"size": 65536
	}
],

Start the container and then (in container or from the host system with the container pid)

cat /proc/self/uid_map  // or gid_map
0       1000          1
1     100000      65536

You also need to ensure that your user is allowed to map these id ranges. You can check that with

cat /etc/subuid // or subgid
furisto:100000:65536

You also need to have shadow-utils installed.

Furisto · 2021-10-12T20:56:20Z

Will take a look at the test errors tomorrow.

Fix multi mapping for rootless containers

581c5e6

Furisto force-pushed the rootless-multi branch from 7591729 to 581c5e6 Compare October 13, 2021 20:26

utam0k approved these changes Oct 14, 2021

View reviewed changes

utam0k merged commit b0f19b5 into youki-dev:main Oct 14, 2021

Furisto linked an issue Oct 14, 2021 that may be closed by this pull request

Support for rootless container #77

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix multi mapping for rootless containers #381

Fix multi mapping for rootless containers #381

Furisto commented Oct 12, 2021 •

edited

Loading

Furisto commented Oct 12, 2021

Fix multi mapping for rootless containers #381

Fix multi mapping for rootless containers #381

Conversation

Furisto commented Oct 12, 2021 • edited Loading

Furisto commented Oct 12, 2021

Furisto commented Oct 12, 2021 •

edited

Loading