From eebb7428f51efafc9e2c2e1d427f49d77769fe83 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 4 Jul 2018 17:19:12 +0900 Subject: [PATCH] rootless: update docs/rootless.md Signed-off-by: Akihiro Suda --- docs/rootless.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/rootless.md b/docs/rootless.md index 4910e9a6f466..e8b3369f95e5 100644 --- a/docs/rootless.md +++ b/docs/rootless.md @@ -2,7 +2,7 @@ Requirements: - runc `ecd55a4135e0a26de884ce436442914f945b1e76` (May 30, 2018) or later -- Some distros such as Debian and Arch Linux require `echo 1 > /proc/sys/kernel/unprivileged_userns_clone` +- Some distros such as Debian (excluding Ubuntu) and Arch Linux require `echo 1 > /proc/sys/kernel/unprivileged_userns_clone` - `newuidmap` and `newgidmap` need to be installed on the host. These commands are provided by the `uidmap` package. - `/etc/subuid` and `/etc/subgid` should contain >= 65536 sub-IDs. e.g. `penguin:231072:65536`. - To run in a Docker container with non-root `USER`, `docker run --privileged` is still required. See also Jessie's blog: https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/ @@ -10,7 +10,7 @@ Requirements: ## Set up -Setting up rootless mode also requires some bothersome steps as follows, but you can also use [`rootlesskit`](https://github.com/AkihiroSuda/rootlesskit) for automating these steps. +Setting up rootless mode also requires some bothersome steps as follows, but you can also use [`rootlesskit`](https://github.com/rootless-containers/rootlesskit) for automating these steps. ### Terminal 1: