Score:1

namespace - nobody to root mapping


I'd like to create a new user namespace as root with the command:

# unshare -U bash
$ echo $$
3500
$ id
uid=65534(nobody) ... etc

After that I edit /proc/3500/uid_map in my initial namespace as root:

# echo "0 100000 65536" > /proc/3500/uid_map

My /etc/subuid file I've created:

root:100000:65536

Now when I'm back in newly created user namespace by unshare:

# exec bash
uid=65534 ... etc

I still get the nobody user. Is root not allowed to create a mapping for himself? Or am I doing something wrong? :)

A.B
Your test doesn't appear to have an interesting outcome once working. The user namespace is usually made to have a non root user appear as a root user. Doing the opposite: have root become user 100000, thus having no privilege in the new namespace but still able to affect files owned by root in the initial namespace (because everything root will appear as user 100000 in this new, once done correctly so still alterable) doesn't look interesting. So what's your *actual* use case? (beware of https://xyproblem.info/ )
djdomi
IMHO Questions should demonstrate reasonable information technology management practices. Questions that relate to unsupported hardware or software platforms or unmaintained environments may not be suitable for Server Fault.
Score:0

If you want to be root within the new namespace, why not

unshare -Ur bash

?
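
Why the shell in the question still reports nobody, while `-r` gives root, follows from how IDs are translated through uid_map. The sketch below is an added example, not part of the original thread; the helper name `to_ns_uid` is hypothetical, the map is assumed to be read from the initial namespace, and 65534 is the default overflow UID.

```bash
#!/bin/bash
# Added example: how an ID is translated through /proc/PID/uid_map.
# Each map line is "<first id inside ns> <first id outside ns> <length>".
# Assumption: the map is read from the initial namespace, so the second
# field is a UID of the initial namespace.

OVERFLOW_UID=65534   # default /proc/sys/kernel/overflowuid, shown as "nobody"

# to_ns_uid MAP OUTSIDE_UID  (hypothetical helper name)
# Prints the UID a process with credential OUTSIDE_UID sees inside the
# namespace, or the overflow UID when no map line covers it.
to_ns_uid() {
    local map=$1 uid=$2 inside outside length
    while read -r inside outside length; do
        [ -n "$length" ] || continue            # skip blank or short lines
        if [ "$uid" -ge "$outside" ] && [ "$uid" -lt $((outside + length)) ]; then
            echo $((inside + uid - outside))
            return 0
        fi
    done <<EOF
$map
EOF
    echo "$OVERFLOW_UID"
}

# Constructed inputs taken from the thread.
question_map="0 100000 65536"   # written to /proc/3500/uid_map in the question
r_flag_map="0 0 1"              # what "unshare -Ur" run as UID 0 writes: 0 <euid> 1

# The shell was started by root, so its credential outside is UID 0.
echo "question map, outside uid 0      -> $(to_ns_uid "$question_map" 0)"
echo "question map, outside uid 100000 -> $(to_ns_uid "$question_map" 100000)"
echo "-r map,       outside uid 0      -> $(to_ns_uid "$r_flag_map" 0)"
```

With the question's map only outside UIDs 100000 to 165535 are visible inside the namespace, so a shell still running as outside UID 0 stays unmapped.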
