opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-07-02 00:30:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

[CI:DOCS]rootless exec cannot join root namespace

Browse Source 
add a quick note in the rootless.md about usage of --net=host as rootless and subsequent podman execs.

Fixes: #4473

Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit is contained in:
Brent Baude
2020-01-27 15:42:51 -06:00
parent 094baa5366
commit 9de18a1704
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rootless.md
View File

@ -44,3 +44,4 @@ can easily fail
* If a build is attempting to use a UID that is not mapped into the user namespace mapping for a container, then builds will not be able to put the UID in an image.
* Making device nodes within a container fails, even when running --privileged.
* The kernel does not allow non root user processes (processes without CAP_MKNOD) to create device nodes. If a container needs to create device nodes, it must be run as root.
* When using --net=host with rootless containers, subsequent podman execs to that container will not join the host network namespace because it is owned by root.