by yrro 2220 days ago

    yrro@host$ podman run --rm -it debian:unstable bash -x -c 'id; cat /proc/self/uid_map'
    + id
    uid=0(root) gid=0(root) groups=0(root)
    + cat /proc/self/uid_map
             0  876099160          1
             1     231073      65536
This is done as a regular user with special rights on the system; all that is required are entries for yrro within /etc/subuid and /etc/subgid. There's no equivalent of Docker's daemon that hands out root on the machine to anyone who can connect to its socket.
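As an added example (not part of yrro's comment), a small Python checker that resolves container UIDs through a uid_map like the one printed above and verifies that the mapping uses only the user's own host UID plus ranges from /etc/subuid; the subuid allocation for yrro and the second user are constructed assumptions.

```python
"""Resolve container UIDs to host UIDs from /proc/<pid>/uid_map and check that a
rootless mapping uses only the user's own UID plus /etc/subuid ranges.
Added example (not the commenter's code); all sample inputs are constructed."""
from typing import List, Optional, Tuple

MapEntry = Tuple[int, int, int]  # (container start, host start, count)

# Constructed sample: the uid_map printed in the comment above.
UID_MAP_SAMPLE = "         0  876099160          1\n         1     231073      65536\n"
# Constructed /etc/subuid content; the allocation for "yrro" is assumed.
SUBUID_SAMPLE = "yrro:231073:65536\nalice:296609:65536\n"


def parse_uid_map(text: str) -> List[MapEntry]:
    """Parse uid_map/gid_map text into (inside_start, outside_start, count) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            entries.append((int(fields[0]), int(fields[1]), int(fields[2])))
    return entries


def map_to_host(inside_uid: int, entries: List[MapEntry]) -> Optional[int]:
    """Host UID for a container UID; None if unmapped (the kernel shows nobody)."""
    for inside, outside, count in entries:
        if inside <= inside_uid < inside + count:
            return outside + (inside_uid - inside)
    return None


def parse_subuid(text: str, user: str) -> List[Tuple[int, int]]:
    """Return the (start, count) ranges allocated to `user` in /etc/subuid format."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges


def mapping_is_rootless(entries, own_uid, subuid_ranges) -> bool:
    """True if each host range is the user's own UID or lies inside a subuid range."""
    for _inside, outside, count in entries:
        if count == 1 and outside == own_uid:
            continue
        if not any(s <= outside and outside + count <= s + c for s, c in subuid_ranges):
            return False
    return True
```

A mapping whose container root lands on host UID 0, or on a host range not allocated to the user in /etc/subuid, is reported as not rootless.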