fix(virtualisation): specify sub{u,g}id ranges for containers instead of root
Privileged podman uses the `containers` user for user namespaces.
parent
f1219e1045
commit
a19fb94480
1 changed files with 5 additions and 1 deletions
|
@ -20,7 +20,9 @@ _:
|
||||||
};
|
};
|
||||||
|
|
||||||
# Increase sub{u,g}id range
|
# Increase sub{u,g}id range
|
||||||
users.users."root" = {
|
users.users."containers" = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "containers";
|
||||||
subUidRanges = [{
|
subUidRanges = [{
|
||||||
startUid = 60100000;
|
startUid = 60100000;
|
||||||
count = 60000000;
|
count = 60000000;
|
||||||
|
@ -30,4 +32,6 @@ _:
|
||||||
count = 60000000;
|
count = 60000000;
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.groups.containers = { };
|
||||||
}
|
}
|
||||||
|
|
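Review bot: Nothing in the `users.users."containers"` block records why this system user exists or what the 60,000,000-ID window starting at `startUid = 60100000` has to stay clear of, and the retained comment `# Increase sub{u,g}id range` no longer describes the change. A comment above the user would help, e.g. `# rootful podman --userns=auto allocates from the "containers" entry in /etc/sub{u,g}id; keep this range disjoint from real UIDs/GIDs and from every other user's subordinate ranges`, since an overlap would let container IDs map onto host IDs that own files. Because `users.users."root"` no longer carries these ranges, it is worth confirming that nothing else on these hosts relied on root's subordinate IDs; that cannot be checked from this diff. The subGid lines sit between the two hunks and are not shown, so I am assuming they mirror the subUid values.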