Tweak uid/gid map default configuration
- Use an allocation of 65536 uids and gids to allow for POSIX-compliant user owned namespaces. - Don't allocate a uid/gid map to system users. Unfortunately checking for --system isn't quite enough as some distribution wrappers always call useradd without --system and take care of choosing a uid and gid themselves, so also check whether the requested uid/gid is in the user range. This is taken from a patch I wrote for Ubuntu a couple years ago and which somehow didn't make it upstream. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
This commit is contained in:
Stéphane Graber
@@ -229,7 +229,7 @@ SYS_UID_MAX 999
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
SUB_UID_MAX 600100000
|
||||
SUB_UID_COUNT 10000
|
||||
SUB_UID_COUNT 65536
|
||||
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd(8)
|
||||
@@ -242,7 +242,7 @@ SYS_GID_MAX 999
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
SUB_GID_MAX 600100000
|
||||
SUB_GID_COUNT 10000
|
||||
SUB_GID_COUNT 65536
|
||||
|
||||
#
|
||||
# Max number of login(1) retries if password is bad
|
||||
|
||||
Reference in New Issue
Block a user