vbatts/shadow-utils-newxidmap
Project ID: 21317
Description
an effort to test usernamespace uid/gid mapping on centos7 without forcing an upgrade of shadow-utils. This builds from a fork of fedora shadow-utils, managed here.
This is a workaround to BZ1498628.
Installation Instructions
curl -o /etc/yum.repos.d/vbatts-shadow-utils-newxidmap-epel-7.repo https://copr.fedorainfracloud.org/coprs/vbatts/shadow-utils-newxidmap/repo/epel-7/vbatts-shadow-utils-newxidmap-epel-7.repo
yum install -y shadow-utils46-newxidmap
Also, to actually use user namespaces on centos7 host, you'll have to increase the default allowed user namespaces:
echo "user.max_user_namespaces=28633" > /etc/sysctl.d/userns.conf
sysctl -p /etc/sysctl.d/userns.conf
Since the adduser will not create the /etc/sub{u,g}id files, you'll need to do this for users intending to use this:
adduser testuser
echo "testuser:100000:65536" > /etc/subuid
echo "testuser:100000:65536" > /etc/subgid
additional packages for non-root containers
On centos7/RHEL7 you'll need slirp4netns to get podman and buildah to work as non-root user. That package is currently provided here as well, for convenience sake.
yum install slirp4netns
Demos
- Install and
podman run- https://asciinema.org/a/221441 podman build||buildah bud- https://asciinema.org/a/221444
Active Releases
The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).
| Release | Architectures | Repo Download |
|---|---|---|
EPEL 7
|
ppc64le (394)*, x86_64 (7754)* | EPEL 7 (12910 downloads) |
* Total number of downloaded packages.