Merge pull request #37253 from kinvolk/rata/userns

content: Clarify how to verify user abstraction
pull/37685/head
Kubernetes Prow Robot 2022-11-02 20:17:35 -07:00 committed by GitHub
commit cdfab27ffc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions

@ -90,9 +90,9 @@ This means containers can run as root and be mapped to a non-root user on the
host. Inside the container the process will think it is running as root (and
therefore tools like `apt`, `yum`, etc. work fine), while in reality the process
doesn't have privileges on the host. You can verify this, for example, if you
check the user the container process is running `ps` from the host. The user
`ps` shows is not the same as the user you see if you execute inside the
container the command `id`.
check which user the container process is running by executing `ps aux` from
the host. The user `ps` shows is not the same as the user you see if you
execute inside the container the command `id`.
This abstraction limits what can happen, for example, if the container manages
to escape to the host. Given that the container is running as a non-privileged
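Review bot: The reworded sentence "check which user the container process is running by executing `ps aux` from the host" is missing "as": the process runs as a user, it does not run a user. The following line, "execute inside the container the command `id`", is also still awkward. Suggested wording: "check which user the container process is running as by executing `ps aux` from the host. The user `ps` shows is not the same as the user you see if you run `id` inside the container." It would also help to state what the reader should expect in each place, so the check has a clear pass condition: root inside the container and a non-root user on the host, as the start of the paragraph describes.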