My question is about how Docker instrument the storage for the container instance.
Do container applications or Docker create user namespaces when creating a new container instance?
Asked
Active
Viewed 311 times
-1
-
Yes, they do. Do you have a more specific question, or would you just like to see how that can be seen? – Uberhumus Jun 11 '22 at 09:35
-
@Uberhumus yes, I would like to know how the user namespace can be seen. Also, If I disable unprivileged_userns_clone (sysctl -w kernel.unprivileged_userns_clone=0) and try to run a docker instance in the unprivileged user, would that fail as docker cannot create a user space now ? – Franc Jun 11 '22 at 17:53
1 Answers
0
Docker creates namespaces. An lsns command before after docker run would show that there are extra user namespaces created.
-
Depends on how you run Docker. By default (and when running as a system service, which is the default when not stated otherwise) it doesn't create user namespaces, but can be configured to: lsns would show it didn't. – A.B Jun 14 '22 at 15:35