[PATCH] devpts: Add ptmx_uid and ptmx_gid options

Alexander Larsson alexl at redhat.com
Thu May 28 20:06:17 UTC 2015

On Thu, 2015-05-28 at 12:14 -0500, Eric W. Biederman wrote:
> > Where does the second namespace enter into this? 
> Step a.  Create a user namespace where uid 0 is mapped to your
> real uid, and set up your sandbox (aka mount /dev/pts and everything
> else).
> Step b.  Create a nested user namespace where your uid is identity
> mapped and run your desktop application.  You can even drop all caps
> in your namespace.

Just tried this. It's not the nicest, and it doubles the number of
namespaces in action for each sandbox, but it does work.
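
Added example, not part of the original message or of the patch: a small Python model of the `uid_map` contents for steps a and b, checking that the application's uid in the nested namespace resolves back to the real uid. The sample uid 1000 and all function names are assumptions; the map line format is the one documented in user_namespaces(7).

```python
# Added example: models the uid_map contents for the two-step setup.
# uid_map line format (user_namespaces(7)): "<id-inside> <id-in-parent> <length>"

def parse_uid_map(text):
    """Parse uid_map text into (inside, parent, length) extents."""
    extents = []
    for line in text.strip().splitlines():
        inside, parent, length = (int(field) for field in line.split())
        if length <= 0:
            raise ValueError("extent length must be positive")
        extents.append((inside, parent, length))
    return extents

def to_parent(extents, uid):
    """Translate a uid inside a namespace to its parent; None if unmapped."""
    for inside, parent, length in extents:
        if inside <= uid < inside + length:
            return parent + (uid - inside)
    return None

def resolve(chain, uid):
    """Walk a uid outward through nested namespaces (innermost map first)."""
    for extents in chain:
        uid = to_parent(extents, uid)
        if uid is None:
            return None
    return uid

def two_step_maps(real_uid):
    """uid_map text for step a (outer) and step b (nested)."""
    outer = f"0 {real_uid} 1"    # step a: uid 0 inside maps to the real uid
    nested = f"{real_uid} 0 1"   # step b: real uid inside maps to outer uid 0
    return outer, nested

REAL_UID = 1000  # constructed sample value, not from the thread
outer_text, nested_text = two_step_maps(REAL_UID)
outer = parse_uid_map(outer_text)
nested = parse_uid_map(nested_text)

if __name__ == "__main__":
    print("outer uid_map :", outer_text)
    print("nested uid_map:", nested_text)
    # The application keeps its own uid and it resolves to the real uid.
    print("app uid", REAL_UID, "->", resolve([nested, outer], REAL_UID))
    # uid 0 has no mapping in the nested namespace.
    print("app uid 0 ->", resolve([nested, outer], 0))
```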
