Field | Value
---|---
author | Christian Brauner <brauner@kernel.org>, 2022-01-27 10:39:47 +0100
committer | Luca Boccassi <luca.boccassi@gmail.com>, 2022-01-27 10:15:56 +0000
commit | 7e7a9f9c8b7b237047a5e0837da72efc21022b5a (patch)
tree | 7860895e936a4af6b91b7881277776102133ad6f /NEWS
parent | a21440f6d6518feefc09492df74389ef630b16c9 (diff)
download | systemd-7e7a9f9c8b7b237047a5e0837da72efc21022b5a.tar.gz
NEWS: mention temporary limitations for running containers in systemd-homed directories
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS | 13
1 files changed, 13 insertions, 0 deletions
@@ -12,6 +12,19 @@ CHANGES WITH 251: * Services with Restart=always and a failing ExecCondition= will no longer be restarted, to bring ExecCondition= in line with Condition*= settings. + * In v250 systemd-homed started making use of UID mapped mounts for the + home areas if the kernel and used file system support it. Files are + now internally owned by the "nobody" user (i.e. the user typically + used for indicating "this ownership is not mapped"), and dynamically + mapped to the UID used locally on the system via the UID mapping + mount logic of recent kernels. + In the current implementation systemd-homed only maps a limited + number of UIDs and GIDs making it impossible to run unprivileged + containers that want to map a full POSIX compliant UID and GID range + with their rootfs located within the systemd-homed managed home area. + This will be fixed in subsequent releases. See + https://github.com/systemd/systemd/pull/22239 for a proposal. + CHANGES WITH 250: * Support for encrypted and authenticated credentials has been added. |
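Review bot: the new v251 entry states that systemd-homed "only maps a limited number of UIDs and GIDs" but never says which range is mapped, so a reader cannot tell from NEWS whether a particular unprivileged container's UID/GID mapping will fit inside a homed-managed home area; state the mapped range (or link the documentation that does) so the limitation is actionable rather than only a pointer to https://github.com/systemd/systemd/pull/22239. Minor wording in the same hunk: "UID mapped mounts" and "POSIX compliant UID and GID range" read better hyphenated ("UID-mapped mounts", "POSIX-compliant"), matching how the rest of the entry hyphenates "UID mapping mount logic" is not needed, but consistency within the item is.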