by moody5bundle 1462 days ago
Yup, and based on that mapping table the process inside the container is not allowed to create another namespace and/or fuse-overlayfs. That's why you need to mount /dev/fuse into the container (you might also need cap_sys_admin and cap_mknod). There is another link from RedHat which also explains it:

https://www.redhat.com/sysadmin/podman-inside-container

You can run "capsh --print" to see your current capabilities. And to run a container without any capabilities:

podman run --cap-drop ALL -it fedora capsh --print
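As an added example (not part of the comment above, and not from the Red Hat article it links), the shell below decodes a Linux capability bitmask such as the CapEff/CapBnd hex values in /proc/&lt;pid&gt;/status, which is the same data "capsh --print" summarizes, and checks whether the two capabilities the comment mentions, cap_sys_admin and cap_mknod, are present. The capability bit numbers follow linux/capability.h; the function names and the sample masks are constructed for this example.

```shell
#!/bin/sh
# Added example: decode a Linux capability mask into names and check for
# specific capabilities. Not code from the HN thread or from podman.

# Capability names indexed by bit number, as defined in linux/capability.h
# (bits 0..40 on recent kernels; cap_ prefix omitted).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid \
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw \
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct \
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease \
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm \
block_suspend audit_read perfmon bpf checkpoint_restore"

# cap_bit NAME: print the bit number of capability NAME (e.g. sys_admin -> 21).
cap_bit() {
    i=0
    for n in $CAP_NAMES; do
        if [ "$n" = "$1" ]; then echo "$i"; return 0; fi
        i=$((i + 1))
    done
    return 1
}

# has_cap HEXMASK NAME: succeed if the capability bit is set in HEXMASK
# (HEXMASK is the bare hex string as shown in /proc/<pid>/status).
has_cap() {
    bit=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> $bit) & 1 )) -eq 1 ]
}

# decode_caps HEXMASK: print every set capability, one per line, as cap_NAME.
decode_caps() {
    i=0
    for n in $CAP_NAMES; do
        if [ $(( (0x$1 >> $i) & 1 )) -eq 1 ]; then echo "cap_$n"; fi
        i=$((i + 1))
    done
}

# Constructed sample masks (hypothetical values for this example):
#   FULL_MASK     - all 41 capabilities set, as for a privileged process
#   DEFAULT_MASK  - a typical restricted container set that keeps cap_mknod
#                   but not cap_sys_admin
#   DROPPED_MASK  - what "--cap-drop ALL" leaves behind: nothing
FULL_MASK=000001ffffffffff
DEFAULT_MASK=00000000a80425fb
DROPPED_MASK=0000000000000000

for m in "$FULL_MASK" "$DEFAULT_MASK" "$DROPPED_MASK"; do
    echo "mask $m: $(decode_caps "$m" | wc -l) capabilities"
    for c in sys_admin mknod; do
        if has_cap "$m" "$c"; then echo "  cap_$c: present"; else echo "  cap_$c: absent"; fi
    done
done
```

To check a live process instead of the constructed masks, pass the value from the CapEff line of /proc/self/status (for example `decode_caps "$(awk '/^CapEff/ {print $2}' /proc/self/status)"`); inside a container started with `--cap-drop ALL` the list is empty, matching what the capsh command above reports.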