search for: clone_newuser

...ot using libvirt nor systemd. I've created a bash process inside user namespace with mapping root_inside<->root_outside. I've used a program from https://lwn.net/Articles/532593/ : ./userns_child_exec -U -M '0 0 1' -G '0 0 1' bash This program simply calls clone with CLONE_NEWUSER flag and set proper uid_map and gid_map. The test commands are as follows: mkdir /test mount debugfs /test -t debugfs and strace shows: mount("debugfs", "/test", "debugfs", MS_MGC_VAL, NULL) = -1 EPERM (Operation not permitted) Now the question is: Is it a kernel...

Hi there! I am trying to turn on user namespace by adding following lines to the config: <idmap> <uid start='0' target='0' count='100000'/> <gid start='0' target='0' count='100000'/> </idmap> As you can see the root in container is mapped to the root outside. I was expected to see no difference

https://bugzilla.netfilter.org/show_bug.cgi?id=1064 Bug ID: 1064 Summary: iptables-save fails silently in unprivileged lxc/lxd container Product: iptables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: