Akihiro Suda | f103de57ec
main: support rootless mode in userns
Running rootless containers in userns is useful for mounting
filesystems (e.g. overlay) with mapped euid 0, but without actual root
privilege.
Usage: (Note that `unshare --mount` requires `--map-root-user`)
user$ mkdir lower upper work rootfs
user$ curl http://dl-cdn.alpinelinux.org/alpine/v3.7/releases/x86_64/alpine-minirootfs-3.7.0-x86_64.tar.gz | tar Cxz ./lower || ( true; echo "mknod errors were ignored" )
user$ unshare --mount --map-root-user
mappedroot# runc spec --rootless
mappedroot# sed -i 's/"readonly": true/"readonly": false/g' config.json
mappedroot# mount -t overlay -o lowerdir=./lower,upperdir=./upper,workdir=./work overlayfs ./rootfs
mappedroot# runc run foo
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
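Added example, not code from this commit or from runc: the distinction the message relies on (euid 0 that is only mapped inside a user namespace versus real root) can be checked from /proc/<pid>/uid_map, whose lines read `<ns_start> <host_start> <length>`. Function names and the sample maps below are assumptions constructed for illustration.

```python
"""Tell mapped (user-namespace) root apart from real root via uid_map."""
import os
from typing import List, Optional, Tuple

IdMap = List[Tuple[int, int, int]]  # (ns_start, host_start, length)


def parse_id_map(text: str) -> IdMap:
    """Parse the text of /proc/<pid>/uid_map (or gid_map)."""
    entries: IdMap = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id_map line: {line!r}")
        ns_start, host_start, length = (int(f) for f in fields)
        if length <= 0:
            raise ValueError(f"non-positive length in id_map line: {line!r}")
        entries.append((ns_start, host_start, length))
    return entries


def ns_to_host(entries: IdMap, ns_id: int) -> Optional[int]:
    """Translate an in-namespace id to the host id; None if unmapped."""
    for ns_start, host_start, length in entries:
        if ns_start <= ns_id < ns_start + length:
            return host_start + (ns_id - ns_start)
    return None


def classify_root(uid_map_text: str, euid: int) -> str:
    """'real-root', 'mapped-root' (euid 0 backed by a non-root host uid),
    or 'unprivileged'. Mapped root is the case where rootless mode is
    still needed even though geteuid() reports 0."""
    if euid != 0:
        return "unprivileged"
    host_uid = ns_to_host(parse_id_map(uid_map_text), 0)
    if host_uid is None:
        raise ValueError("euid 0 but uid 0 has no mapping")
    return "real-root" if host_uid == 0 else "mapped-root"


def classify_self() -> str:
    """Classify the calling process on a Linux host."""
    with open("/proc/self/uid_map") as f:
        return classify_root(f.read(), os.geteuid())


# Constructed sample maps (hypothetical, not captured from a real host):
INIT_USERNS_MAP = "         0          0 4294967295\n"   # real root
MAPPED_ROOT_MAP = "         0       1000          1\n"   # unshare --map-root-user
```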
2018-05-10 12:16:43 +09:00