Merge pull request #37253 from kinvolk/rata/userns

content: Clarify how to verify user abstraction
pull/37685/head
Kubernetes Prow Robot 2022-11-02 20:17:35 -07:00 committed by GitHub
commit cdfab27ffc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions

@ -90,9 +90,9 @@ This means containers can run as root and be mapped to a non-root user on the
host. Inside the container the process will think it is running as root (and host. Inside the container the process will think it is running as root (and
therefore tools like `apt`, `yum`, etc. work fine), while in reality the process therefore tools like `apt`, `yum`, etc. work fine), while in reality the process
doesn't have privileges on the host. You can verify this, for example, if you doesn't have privileges on the host. You can verify this, for example, if you
check the user the container process is running `ps` from the host. The user check which user the container process is running by executing `ps aux` from
`ps` shows is not the same as the user you see if you execute inside the the host. The user `ps` shows is not the same as the user you see if you
container the command `id`. execute inside the container the command `id`.
This abstraction limits what can happen, for example, if the container manages This abstraction limits what can happen, for example, if the container manages
to escape to the host. Given that the container is running as a non-privileged to escape to the host. Given that the container is running as a non-privileged
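
Review bot: The reworded sentence still drops a word: in "check which user the container process is running by executing `ps aux` from the host", the process is running *as* a user, so this should read "check which user the container process is running as by executing `ps aux` from the host". The following sentence keeps the awkward order "execute inside the container the command `id`"; "execute the command `id` inside the container" reads better. Since the point of the check is that the two identities differ, it would also help to say what to compare: the USER column of `ps aux` on the host against the uid printed by `id` in the container. Note that `ps` prints a numeric UID when the mapped host UID has no passwd entry, so readers should expect a number rather than a name there.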