jjmerelo

Reputation: 23537

Unshare and newuidmap: update

I'm trying to create a process with its own namespace and then make a uid (and possibly gid) mapping. I'm following this question with this answer, but, as indicated in this recent comment, it no longer works.

Here's the skinny. First, you create a process in a new namespace with unshare:

unshare -U bash

And obtain the process it runs, with echo $$ or somesuch. You grab that PID and then, from another shell, you go:

newuidmap 12394 0 0 1

The answer, as indicated in the comment above, is:

newuidmap: uid range [0-1) -> [0-1) not allowed

In an update to the answer, Arks mentions:

it is something with settings in /etc/subuid and /etc/subguid files

I can't figure out, however, what they mean. Any idea?

Upvotes: 2

Views: 1375

Answers (1)

jjmerelo

Reputation: 23537

Still don't understand why newuidmap does not work, but this article shows that writing to /proc/$$/uid_map does:

echo '5 1000 1' > /proc/14671/uid_map

This is a one-time operation that can't be repeated and, in a single command, establishes the mapping for UIDs and GIDs.

Upvotes: 2
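The question's `newuidmap 12394 0 0 1` failure and the answer's working `echo '5 1000 1' > /proc/PID/uid_map` are governed by two different gatekeepers, and the following added example (written for this page, not code from the question, the answer or the shadow project) models both so the `not allowed` message can be reasoned about offline. The kernel, for an unprivileged process writing `/proc/PID/uid_map` directly, accepts a single line that maps the writer's own effective uid (see user_namespaces(7)); `newuidmap`, being setuid-root and able to install several lines, instead demands that every host-side range lie inside an allotment the caller holds in `/etc/subuid`. The `/etc/subuid` contents, the user name in them and the `newuidmap_allows` logic are a constructed simplification, not the tool's actual source.

```python
"""Model of the two checks that decide whether a user-namespace uid mapping is
accepted.  Triples use the newuidmap(1) argument order: ns_uid host_uid count,
which is also the line format of /proc/PID/uid_map.  Constructed example."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Range:
    ns_start: int    # first uid inside the namespace
    host_start: int  # first uid on the host that backs it
    count: int

    @property
    def host_end(self) -> int:
        # exclusive bound, matching newuidmap's "[a-b)" notation
        return self.host_start + self.count


def parse_subuid(text: str, user: str) -> List[Range]:
    """Return the host-uid allotments for `user` from /etc/subuid-style text
    (one `name:start:count` entry per line)."""
    allotments = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == user:
            allotments.append(Range(ns_start=0, host_start=int(start), count=int(count)))
    return allotments


def parse_map_args(args: str) -> List[Range]:
    """Parse `ns_uid host_uid count [ns_uid host_uid count ...]` triples."""
    fields = [int(f) for f in args.split()]
    if not fields or len(fields) % 3:
        raise ValueError("mapping must be whole triples of ns_uid host_uid count")
    return [Range(*fields[i:i + 3]) for i in range(0, len(fields), 3)]


def kernel_allows_unprivileged_write(mapping: List[Range], writer_uid: int) -> bool:
    """Direct write to /proc/PID/uid_map without CAP_SETUID in the parent
    namespace: exactly one line, mapping only the writer's own effective uid.
    This is why the answer's single `echo '5 1000 1'` succeeds for uid 1000."""
    return (len(mapping) == 1
            and mapping[0].count == 1
            and mapping[0].host_start == writer_uid)


def newuidmap_allows(mapping: List[Range], allotments: List[Range]) -> List[str]:
    """Simplified newuidmap rule: every host-side range must sit inside one of
    the caller's /etc/subuid allotments.  Returns the error strings newuidmap
    would print; an empty list means the mapping would be installed."""
    errors = []
    for r in mapping:
        covered = any(a.host_start <= r.host_start and r.host_end <= a.host_end
                      for a in allotments)
        if not covered:
            errors.append(f"uid range [{r.ns_start}-{r.ns_start + r.count}) -> "
                          f"[{r.host_start}-{r.host_end}) not allowed")
    return errors


def resolve(mapping: List[Range], ns_uid: int) -> int:
    """Translate a uid seen inside the namespace to the host uid backing it.
    Returns -1 for an unmapped uid (the kernel shows these as the overflow uid)."""
    for r in mapping:
        if r.ns_start <= ns_uid < r.ns_start + r.count:
            return r.host_start + (ns_uid - r.ns_start)
    return -1


# Constructed /etc/subuid: the common 65536-uid allotment useradd hands out.
SAMPLE_SUBUID = "jjmerelo:100000:65536\nother:165536:65536\n"

if __name__ == "__main__":
    allot = parse_subuid(SAMPLE_SUBUID, "jjmerelo")
    for req in ("0 0 1", "0 100000 65536", "0 100000 65537"):
        errs = newuidmap_allows(parse_map_args(req), allot)
        print(f"newuidmap {req!r}:", errs or "accepted")
    print("direct write '5 1000 1' as uid 1000:",
          kernel_allows_unprivileged_write(parse_map_args("5 1000 1"), 1000))
```

Run against the question's request, `0 0 1`, the model reproduces `uid range [0-1) -> [0-1) not allowed`: host uid 0 is root's, and no `/etc/subuid` line grants an unprivileged user that uid. A request such as `0 100000 65536` (the whole allotment) passes, and a single-line map of the caller's own uid passes the kernel's direct-write rule, which is the route the answer ends up taking.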
