On Wed, Mar 6, 2013 at 2:25 PM, Serge Hallyn <serge.hal...@ubuntu.com> wrote:
> just to help play with user namespaces some more I pushed a C version
> of Eric's script for completely unprivileged use of user namespaces to
> https://code.launchpad.net/~serge-hallyn/+junk/nsexec and to the
> nsexec package in ppa:serge-hallyn/userns-natty. Appending the code
> below as well. The point is: you unshare a new user namespace, and
> in there you map uid 0 to your host uid, then start a shell. This
> requires zero setup on the host (so the shadow package updates to define
> per-user subuids are not needed for these games). From that shell you
> can unshare mounts, network, uts namespace, etc, and basically be root
> in your fake little domain.
>
> It's fun. I just './usernsselfmap', and I can pretend I'm root.

Yeah, cool. I updated my tools based on the example too. It looks like I
was losing a race, so adding the pipe sync solved my issues. Also, I
think you can only map a range of 1.

> BTW, Eric, where the heck does one find the latest version of
> util-linux? Latest I could find did not yet know about userns.
> (Once that lands in ubuntu I can drop my nsexec altogether, as well
> as lxc-unshare)

AFAICT, it hasn't been released yet. It was only in vcs. I had to go
find libuser too. :)

>
> Anyway, enjoy!

Thanks! I wish there was a cleaner way to do this kind of IPC
lock-step. It's such a common pattern, and it's so unreadable. :)

-Kees

--
Kees Cook
Chrome OS Security