aarch64 missing USER_NS_UNPRIVILEGED


aarch64 missing USER_NS_UNPRIVILEGED

Postby sodd » Tue Apr 14, 2020 7:23 pm

Hi,
I would like to run rootless podman on my macchiatobin board, but it seems USER_NS_UNPRIVILEGED isn't enabled in the core/linux .config and I can't find any reason why. I'm not sure if this is the right place to ask, but let's try ;)

PS: I also had a problem with step no. 9 in the https://archlinuxarm.org/platforms/armv ... cchiatobin installation. With that flash-image.bin I couldn't find my SATA devices after boot, so after a little research I had to build a new das-u-boot flash-image, and then everything started working as I expected.
sodd
 
Posts: 4
Joined: Sun Apr 12, 2020 7:36 pm

Re: aarch64 missing USER_NS_UNPRIVILEGED

Postby Kabbone » Wed Apr 15, 2020 6:14 am

viewtopic.php?f=23&t=14193&p=62833#p62833

This was my experience on the topic a few months ago. I can't remember everything from when I looked into it, but I can tell you that systemd can run unprivileged containers without this config.
Kabbone
 
Posts: 153
Joined: Thu Jul 25, 2013 9:20 am

Re: aarch64 missing USER_NS_UNPRIVILEGED

Postby sodd » Thu Apr 16, 2020 5:48 am

thx for the reply,
I'll take a look at systemd-containers to see if this is a solution for running rootless containers in NS.

But I don't understand why there is a difference in the kernel in these options. Any performance issue, or?
sodd
 
Posts: 4
Joined: Sun Apr 12, 2020 7:36 pm

Re: aarch64 missing USER_NS_UNPRIVILEGED

Postby Kabbone » Thu Apr 16, 2020 7:51 am

No, it has nothing to do with performance as far as I know. This is just not a mainline feature if you check the upstream source code.

ArchlinuxARM uses the mainline kernel with some small patches for a handful of boards.
Archlinux (x86_64) also uses the mainline kernel, but with other patches which don't get used for ArchlinuxARM.
Why this is so, you would need to ask the maintainer Kevin, but I would assume it is just to keep things as "simple" as possible and not pull in other problems because of the patches and break stuff for some boards accidentally.

If you follow the path of this config in the kernel source code, you will end up in kernel/fork.c and the variable "unprivileged_userns_clone", and as far as I understand it, CONFIG_USERNS_UNPRIVILEGED just exposes the switch to sysctl.
So in my opinion, this should not make any difference in the ability to run unprivileged containers.
Kabbone
 
Posts: 153
Joined: Thu Jul 25, 2013 9:20 am

Re: aarch64 missing USER_NS_UNPRIVILEGED

Postby sodd » Thu Apr 16, 2020 3:20 pm

thx again for your time :)
sodd
 
Posts: 4
Joined: Sun Apr 12, 2020 7:36 pm

Re: aarch64 missing USER_NS_UNPRIVILEGED

Postby sodd » Sat Apr 18, 2020 12:28 pm

Ok, my problem was the missing shadow package, and indeed USER_NS_UNPRIVILEGED isn't necessary. Thx for your hint
sodd
 
Posts: 4
Joined: Sun Apr 12, 2020 7:36 pm
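As an added example (not code from the thread or from ArchLinuxARM), here is a small POSIX shell pre-flight script that checks the things this thread ends up identifying: that user namespaces are compiled in, whether the kernel.unprivileged_userns_clone switch exists at all (it is absent on an unpatched mainline kernel, which is not a failure), that the current user can actually create a user namespace, and that the user has subuid/subgid ranges plus the newuidmap/newgidmap helpers from the shadow package. The function names and the optional file-path arguments are my own.

```shell
#!/bin/sh
# Pre-flight check for rootless containers (added example; helper names are my own).
# What it encodes from the thread: CONFIG_USER_NS must be compiled in; the
# kernel.unprivileged_userns_clone sysctl only exists on patched kernels, so
# "absent" on a mainline kernel is not a failure; rootless podman also needs
# subuid/subgid ranges and newuidmap/newgidmap from the shadow package.

# 0 if user namespaces are compiled in. Optional $1: a kernel .config to read
# instead of /proc/config.gz or /boot/config-$(uname -r). 2 if undeterminable.
kernel_has_userns() {
    cfg=${1:-}
    if [ -n "$cfg" ]; then grep -q '^CONFIG_USER_NS=y' "$cfg"
    elif [ -r /proc/config.gz ]; then zcat /proc/config.gz | grep -q '^CONFIG_USER_NS=y'
    elif [ -r "/boot/config-$(uname -r)" ]; then grep -q '^CONFIG_USER_NS=y' "/boot/config-$(uname -r)"
    else return 2
    fi
}

# Prints "absent" (no such switch: mainline kernel), "1" (allowed) or "0" (blocked).
# Optional $1 overrides the sysctl path.
userns_clone_state() {
    f=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# 0 if user $1 has a non-empty range (user:start:count, count > 0) in file $2.
has_subid_range() {
    awk -F: -v u="$1" '$1 == u && $3 > 0 { ok = 1 } END { exit ok ? 0 : 1 }' "$2" 2>/dev/null
}

# 0 if the setuid helpers shipped by the shadow package are on PATH.
has_idmap_helpers() {
    command -v newuidmap >/dev/null 2>&1 && command -v newgidmap >/dev/null 2>&1
}

# 0 if this (unprivileged) user can actually create a user namespace right now.
can_unshare_userns() { unshare -U true 2>/dev/null; }

# Summary for the current host and user; the exit status is the number of failures.
rootless_preflight() {
    u=$(id -un); fails=0
    kernel_has_userns && echo "ok   CONFIG_USER_NS=y" || { echo "FAIL CONFIG_USER_NS missing or unknown"; fails=$((fails+1)); }
    echo "info unprivileged_userns_clone: $(userns_clone_state)"
    can_unshare_userns && echo "ok   unshare -U works" || { echo "FAIL cannot create a user namespace"; fails=$((fails+1)); }
    has_subid_range "$u" /etc/subuid && echo "ok   subuid range for $u" || { echo "FAIL no subuid range for $u"; fails=$((fails+1)); }
    has_subid_range "$u" /etc/subgid && echo "ok   subgid range for $u" || { echo "FAIL no subgid range for $u"; fails=$((fails+1)); }
    has_idmap_helpers && echo "ok   newuidmap/newgidmap present" || { echo "FAIL install the shadow package"; fails=$((fails+1)); }
    return $fails
}
```

Run `rootless_preflight` as the unprivileged user who will own the containers; a "FAIL no subuid range" with the helpers missing is exactly the missing-shadow-package situation the thread ends with.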

