github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-09-02 07:26:13 +00:00
Code Issues Projects Releases Wiki Activity

Add partial user namespace support

Browse Source 
This adds the OCI parts needed into the yaml, but there are still
permissions issues in practise so marked as experimental.

It may just need further documentation to resolve the issues.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack
2017-07-03 14:45:58 +01:00
parent c7c4c9ef2a
commit a73c3d3667
3 changed files with 76 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/yaml.md
View File

@@ -158,6 +158,9 @@ bind mounted into a container.
- `sysctl` sets a list of `sysctl` key value pairs that are set inside the container namespace.
- `rmlimits` sets a list of `rlimit` values in the form `name,soft,hard`, eg `nofile,100,200`. You can use `unlimited` as a value too.
There are experimental `userns`, `uidMappings` and `gidMappings` options for user namespaces but these are not yet supported, and may have
permissions issues in use.
### Mount Options
When mounting filesystem paths into a container - whether as part of `onboot` or `services` - there are several options of which you need to be aware. Using them properly is necessary for your containers to function properly.