Ayush Ranjan c3abb8c00a Add directfs support for Docker/k8s/Podman rootless containers.
These tools use rootless-containers/rootlesskit under the hood. rootlesskit
configures a new userns with uid/gid mappings such that 0 ID is mapped to
current user/group and IDs 1 onwards are mapped to host IDs configured in
/etc/subuid and /etc/subgid.

runsc is invoked by these tools in a new userns with UID=0 which is mapped
to the caller's UID in the parent userns.

When directfs tries to modify the OCI spec by adding identity mappings, it should
not assume that we are running as root in the initial userns. As described
above, we could be running as root in a new userns. So the identity mappings
should be created by looking at /proc/self/{uid/gid}_map.

With this change, rootless containers work correctly with these tools.

PiperOrigin-RevId: 531796427
2023-05-13 15:39:02 -07:00
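The approach the commit describes, deriving identity mappings from the caller's own /proc/self/{uid,gid}_map instead of assuming the full root range, as an added Go example that is not gVisor's code: `IDMapping` is a local stand-in for the OCI runtime-spec `LinuxIDMapping` type, and `parseIDMap`/`identityMappings` are names chosen here.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// IDMapping is a local stand-in for an OCI LinuxIDMapping entry (assumed here).
type IDMapping struct{ ContainerID, HostID, Size uint32 }

// parseIDMap parses /proc/self/{uid,gid}_map content: one
// "<inside ID> <outside ID> <count>" triple per line, where the inside IDs
// are the ones visible in the current user namespace.
func parseIDMap(content string) ([]IDMapping, error) {
	var maps []IDMapping
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := sc.Text()
		var m IDMapping
		// %d into uint32 rejects negative values and anything above 2^32-1.
		if _, err := fmt.Sscanf(line, "%d %d %d", &m.ContainerID, &m.HostID, &m.Size); err != nil {
			return nil, fmt.Errorf("malformed id_map line %q: %w", line, err)
		}
		maps = append(maps, m)
	}
	return maps, sc.Err()
}

// identityMappings maps every ID visible in the current userns to itself in
// a child userns. Only inside IDs listed in /proc/self/*_map can be mapped,
// so the ranges mirror that file instead of assuming root's full 0..2^32-2.
func identityMappings(current []IDMapping) []IDMapping {
	out := make([]IDMapping, 0, len(current))
	for _, m := range current {
		out = append(out, IDMapping{ContainerID: m.ContainerID, HostID: m.ContainerID, Size: m.Size})
	}
	return out
}

func main() {
	data, err := os.ReadFile("/proc/self/uid_map") // the caller's own userns view
	if err != nil {
		panic(err)
	}
	cur, err := parseIDMap(string(data))
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", identityMappings(cur))
}
```

Run inside a rootlesskit userns the output covers only ID 0 plus the /etc/subuid range, which is exactly the set the child userns is allowed to map.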