[ 源代码: rootlesskit ]
软件包:rootlesskit(2.0.2-2 以及其他的)
Linux-native "fake root" for rootless containers
The purpose of RootlessKit is to run Docker and Kubernetes as an unprivileged user (known as "Rootless mode"), so as to protect the real root on the host from potential container-breakout attacks.
RootlessKit creates user_namespaces(7) and mount_namespaces(7), and executes newuidmap(1)/newgidmap(1) along with subuid(5) and subgid(5).
RootlessKit also supports isolating network_namespaces(7) with userspace NAT using "slirp".
This Debian package doesn't support vpnkit mode.
On Debian system, kernel.unprivileged_userns_clone should be enabled.
其他与 rootlesskit 有关的软件包
|
|
|
|
-
- dep: libc6 (>= 2.34)
- GNU C 语言运行库:共享库
同时作为一个虚包由这些包填实: libc6-udeb
-
- dep: uidmap
- programs to help use subuids
-
- rec: slirp4netns
- User-mode networking for unprivileged network namespaces