Adds a section for user namespace mappings
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
parent c604beacfc
commit d8237f1899
@ -118,6 +118,27 @@ For more information, see [the man page](http://man7.org/linux/man-pages/man8/sy
rlimits allow setting resource limits. The type is from the values defined in [the man page](http://man7.org/linux/man-pages/man2/setrlimit.2.html). The kernel enforces the soft limit for a resource while the hard limit acts as a ceiling for that value that could be set by an unprivileged process.
## Linux user namespace mappings
```
"uidMappings": [
{
"from" : 1000,
"to" : 0,
"count" : 10
}
],
"gidMappings": [
{
"from" : 1000,
"to" : 0,
"count" : 10
}
]
```
uid/gid mappings describe the user namespace mappings from the host to the container. *from* is the starting uid/gid on the host to be mapped to *to* which is the starting uid/gid in the container and *count* refers to the number of ids to be mapped. The Linux kernel has a limit of 5 such mappings that can be specified.
## Security
**TODO:** security profiles
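Review bot: The paragraph under the JSON example is the only place that says *from* is the host side and *to* is the container side; the key names themselves carry no direction, and the example (`"from" : 1000`, `"to" : 0`) reads just as naturally the other way round, which would put host uid 0 behind a container id. Consider key names that state the side, such as `hostID`, `containerID` and `size`, or at least repeat the direction next to the example. The same paragraph states "a limit of 5 such mappings" as a fixed number; that is a property of the running kernel, so it would be safer to say what a runtime must do when the kernel rejects the mapping (fail container creation with an error) than to bake the number into the spec. The section also does not say whether these fields require a user namespace to be requested, whether they are optional, or how overlapping ranges and a `count` of 0 are handled.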