On Wed, 04.01.17 14:35, Daniel J Walsh ([email protected]) wrote:

> We are seeing issues attempting to do this with docker/runc. Basic
> problem is /sys/fs/cgroup/systemd is owned by real root. Is there
> something we need to change in runc, to make this directory owned by
> UserNamespace-Root?

"systemd-nspawn -U" implements user namespaces, and systemd runs fine
inside of it, so yes, we support that.

Well, unless I am mistaken a user namespace root will not have the
privileges to mount cgroupfs, hence yes, your container manager of
choice needs to pre-mount it correctly, and then change the perms of
it to match the user namespace root.

Lennart

-- 
Lennart Poettering, Red Hat
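
Added example, not part of the original message and not code from runc, docker or systemd: a host-side check that a pre-mounted cgroup directory is owned by the host UID/GID that the user namespace maps to its root. The function names and the sample mapping (host IDs starting at 100000) are assumptions made for illustration; the map text has the format of /proc/<pid>/uid_map and gid_map.

```python
import os
import tempfile

def parse_id_map(text):
    """Parse /proc/<pid>/uid_map (or gid_map) into (inside, outside, count) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        entries.append((inside, outside, count))
    return entries

def host_id(id_map, inside_id=0):
    """Translate an ID inside the namespace to the host ID, or None if unmapped."""
    for inside, outside, count in id_map:
        if inside <= inside_id < inside + count:
            return outside + (inside_id - inside)
    return None

def check_cgroup_owner(path, uid_map_text, gid_map_text):
    """Return a list of problems; an empty list means userns root owns path."""
    root_uid = host_id(parse_id_map(uid_map_text))
    root_gid = host_id(parse_id_map(gid_map_text))
    if root_uid is None or root_gid is None:
        return ["ID 0 is not mapped in this user namespace"]
    st = os.stat(path)
    problems = []
    if st.st_uid != root_uid:
        problems.append(f"{path}: uid {st.st_uid}, expected {root_uid}")
    if st.st_gid != root_gid:
        problems.append(f"{path}: gid {st.st_gid}, expected {root_gid}")
    return problems

if __name__ == "__main__":
    # Constructed sample: container IDs 0-65535 mapped to host IDs 100000-165535.
    sample_map = "         0     100000      65536\n"
    # A scratch directory stands in for the pre-mounted /sys/fs/cgroup/systemd,
    # seen from the host; it is owned by the invoking user, not by host UID 100000.
    with tempfile.TemporaryDirectory() as d:
        for p in check_cgroup_owner(d, sample_map, sample_map):
            print(p)
```

On a real host the path would be the container's systemd cgroup mount and the map text would be read from the container init process's uid_map and gid_map.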
