Running rootless containers in userns is useful for mounting filesystems (e.g. overlay) with mapped euid 0, but without actual root privilege. Usage: (Note that `unshare --mount` requires `--map-root-user`) user$ mkdir lower upper work rootfs user$ curl http://dl-cdn.alpinelinux.org/alpine/v3.7/releases/x86_64/alpine-minirootfs-3.7.0-x86_64.tar.gz | tar Cxz ./lower || ( true; echo "mknod errors were ignored" ) user$ unshare --mount --map-root-user mappedroot# runc spec --rootless mappedroot# sed -i 's/"readonly": true/"readonly": false/g' config.json mappedroot# mount -t overlay -o lowerdir=./lower,upperdir=./upper,workdir=./work overlayfs ./rootfs mappedroot# runc run foo Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
// +build !linux

package system

import (
	"os"

	"github.com/opencontainers/runc/libcontainer/user"
)
// RunningInUserNS is the stub used on non-Linux builds.
//
// It performs no detection and unconditionally reports false, so the
// result carries no information about the actual environment on these
// platforms. Callers that branch on it for privilege-related decisions
// should keep that in mind.
func RunningInUserNS() bool {
	// No user-namespace detection is attempted in this build.
	const inUserNS = false
	return inUserNS
}
// UIDMapInUserNS is the stub used on non-Linux builds.
//
// The uidmap argument is accepted for signature compatibility but is never
// inspected; the function unconditionally reports false.
func UIDMapInUserNS(uidmap []user.IDMap) bool {
	// The supplied mapping is intentionally ignored in this build.
	const inUserNS = false
	return inUserNS
}
// GetParentNSeuid returns the euid within the parent user namespace.
//
// In this non-Linux build no namespace mapping is consulted: the value is
// simply whatever os.Geteuid reports for the current process.
func GetParentNSeuid() int {
	// No ID translation happens here; the process's own effective UID is
	// passed straight through.
	euid := os.Geteuid()
	return euid
}