[lxc-devel] [lxc/master] README: reword id mapping restrictions when unpriv
brauner on Github
lxc-bot at linuxcontainers.org
Mon May 29 04:03:56 UTC 2017
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 411 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170529/972bc9c0/attachment.bin>
-------------- next part --------------
From ac8f64dc73d41b5476dffbdfcb38552d6d15598d Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 29 May 2017 06:02:24 +0200
Subject: [PATCH] README: reword id mapping restrictions when unpriv
Suggested-by: Serge Hallyn <serge at hallyn.com>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
README.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index e03e34799..7dfb8a34c 100644
--- a/README.md
+++ b/README.md
@@ -70,10 +70,10 @@ quite restricted. Just to highlight the two most common problems:
inside of the container will not be able to boot up correctly.
2. User Namespaces: As outlined above, user namespaces are a big security
- enhancement. However, users which are unprivileged on the host will only be
- able to establish a mapping for their own UID if they do not rely on
- privileged helpers. A standard POSIX system however, requires 65536 UIDs and
- GIDs to be available to guarantee full functionality.
+ enhancement. However, without relying on privileged helpers users who are
+ unprivileged on the host are only permitted to map their own UID into
+ a container. A standard POSIX system however, requires 65536 UIDs and GIDs
+ to be available to guarantee full functionality.
## Configuration
More information about the lxc-devel
mailing list