No subject
Fri Apr 25 14:24:45 PDT 2008
little odd. I think we could swing either way. Either keeping kernel
user namespaces completely disjoint or allowing them to be mapped to
each other.
I certainly like the classic NFS case of mapping uid 0 to user nobody
on a nonlocal filesystem (outside of the container in our case) so they
don't accidentally do something that root-only powers would otherwise
allow.
In general I think managing mapping tables between user namespaces is
a pain in the butt and something to be avoided if you have the option.
I do see a small place for it though.
Eric