From 3a601bea112ab41044ed77d4fa9c7efa6fed0de3 Mon Sep 17 00:00:00 2001 From: Matt Bentley Date: Sat, 15 Apr 2017 08:32:23 -0500 Subject: [PATCH] Fixed code block formatting issues with indentation Signed-off-by: Matt Bentley --- security/userns/README.md | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/security/userns/README.md b/security/userns/README.md index 284a6f8..fc725c9 100644 --- a/security/userns/README.md +++ b/security/userns/README.md @@ -35,7 +35,6 @@ You must perform this step while logged in as the **ubuntu** user. root 8715 0.0 1.0 352332 38820 ? Ssl 12:56 0:01 /usr/bin/dockerd -H fd:// ubuntu 8896 0.0 0.0 8216 2188 pts/0 S+ 13:45 0:00 grep --color=auto dockerd - ``` The first line shows the Docker daemon (**dockerd**). The second line shows the `ps` command you just ran. The first column of the first line shows that the Docker daemon is running as **root**. @@ -48,12 +47,11 @@ You must perform this step while logged in as the **ubuntu** user. ubuntu@node:~$ sudo docker run --rm alpine id Unable to find image 'alpine:latest' locally -latest: Pulling from library/alpine -e110a4a17941: Pull complete -Digest: sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a -Status: Downloaded newer image for alpine:latest -uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video) - + latest: Pulling from library/alpine + e110a4a17941: Pull complete + Digest: sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a + Status: Downloaded newer image for alpine:latest + uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video) ``` The last line of the output above shows that the container is running as root - `uid=0(root)` and `gid=0(root)`. 
@@ -186,7 +184,6 @@ In this step you'll see how to implement user namespaces. rm: remove 'sh'? y rm: can't remove 'sh': Permission denied - ``` The operation fails with a permission denied error. This is because the file you are trying to delete exists in the local filesystem of the Docker Host and the container does not have root access outside of the namespace that it exists in.
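Review bot: In the `@@ -35,7 +35,6 @@` hunk the only change is dropping the blank line before the closing fence, and the `@@ -186,7 +184,6 @@` hunk does the same after `rm: can't remove 'sh': Permission denied`, but the subject line mentions only indentation. Consider wording the commit message to cover both, for example "Fix indentation and trailing blank lines in code blocks", so the 8 deletions in the diffstat are accounted for by the description.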
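Review bot: In the `@@ -48,12 +47,11 @@` hunk the five re-added lines carry the pull output verbatim, including the layer id `e110a4a17941` and the `sha256:3dcdb92d...` digest for `alpine:latest`, which will not match what a reader sees once the tag moves. Since these lines are being touched anyway, consider trimming the sample to the `uid=0(root) gid=0(root) ...` line that the following paragraph relies on, or adding a short remark that the pull lines and digest will differ. Please also confirm the re-added lines use the same indent as the unchanged `Unable to find image 'alpine:latest' locally` context line, so the whole block stays inside the fence when rendered.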