jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #50 from mrunalp/userns_section 

Adds a section for user namespace mappings
This commit is contained in:
Michael Crosby 2015-07-08 09:28:18 -07:00
parent e45054b038 d8237f1899
commit e8990d65d1
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
config-linux.md
View File

@ -118,6 +118,27 @@ For more information, see [the man page](http://man7.org/linux/man-pages/man8/sy
rlimits allow setting resource limits. The type is from the values defined in [the man page](http://man7.org/linux/man-pages/man2/setrlimit.2.html). The kernel enforces the soft limit for a resource while the hard limit acts as a ceiling for that value that could be set by an unprivileged process. rlimits allow setting resource limits. The type is from the values defined in [the man page](http://man7.org/linux/man-pages/man2/setrlimit.2.html). The kernel enforces the soft limit for a resource while the hard limit acts as a ceiling for that value that could be set by an unprivileged process.
## Linux user namespace mappings
```
"uidMappings": [
{
"from" : 1000,
"to" : 0,
"count" : 10
}
],
"gidMappings": [
{
"from" : 1000,
"to" : 0,
"count" : 10
}
]
```
uid/gid mappings describe the user namespace mappings from the host to the container. *from* is the starting uid/gid on the host to be mapped to *to* which is the starting uid/gid in the container and *count* refers to the number of ids to be mapped. The Linux kernel has a limit of 5 such mappings that can be specified.
## Security ## Security
**TODO:** security profiles **TODO:** security profiles