
[HTCondor-users] Docker Universe: mapping of container's root to other UID/GID?

Hi all,

is there actually a knob for the Docker universe to map UIDs/GIDs in a
container onto another range on the host?

I stumbled over [1] and am wondering if it would make sense to map at
least root to another UID/GID - assuming it would reduce(?) the risks from
some hypothetical exploit allowing root to escape a container?



~~> docker run -lxc-conf="lxc.id_map = u 0 100000 65536"
-lxc-conf="lxc.id_map = g 0 100000 65536"

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
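
The `lxc.id_map` entries quoted in the message read as `<u|g> <first ID in container> <first ID on host> <count>`. As an added example (not part of the original post and not HTCondor or Docker code), the sketch below parses such entries and shows which host ID a container ID resolves to. The function names are hypothetical and the sample input is constructed from the values in the message.

```python
import re
from typing import List, NamedTuple, Optional

class IdMap(NamedTuple):
    kind: str      # "u" for UIDs, "g" for GIDs
    inside: int    # first ID as seen inside the container
    outside: int   # first ID as seen on the host
    count: int     # number of consecutive IDs mapped

_ENTRY = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_maps(text: str) -> List[IdMap]:
    """Parse 'lxc.id_map = u 0 100000 65536' style lines; reject anything else."""
    maps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _ENTRY.match(line)
        if m is None:
            raise ValueError(f"not an lxc.id_map entry: {line!r}")
        entry = IdMap(m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4)))
        if entry.count == 0:
            raise ValueError(f"empty range: {line!r}")
        maps.append(entry)
    return maps

def to_host(maps: List[IdMap], kind: str, container_id: int) -> Optional[int]:
    """Return the host ID for a container ID, or None if it is unmapped."""
    for m in maps:
        if m.kind == kind and m.inside <= container_id < m.inside + m.count:
            return m.outside + (container_id - m.inside)
    return None

def root_is_remapped(maps: List[IdMap]) -> bool:
    """True only if container UID 0 and GID 0 both map to non-zero host IDs."""
    for kind in ("u", "g"):
        host_id = to_host(maps, kind, 0)
        if host_id is None or host_id == 0:
            return False
    return True

# Constructed sample, using the ranges quoted in the message.
SAMPLE = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"

if __name__ == "__main__":
    maps = parse_id_maps(SAMPLE)
    print("container uid 0 -> host uid", to_host(maps, "u", 0))
    print("container uid 65536 -> host uid", to_host(maps, "u", 65536))
    print("root remapped:", root_is_remapped(maps))
```

With this mapping, a process running as UID 0 inside the container acts on the host as the unprivileged UID 100000, and container IDs outside the 65536-wide range have no host counterpart.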