29 lines
929 B
Markdown
29 lines
929 B
Markdown
---
|
|
title: user namespace
|
|
id: userns
|
|
date: 2021-07-13
|
|
full_link: https://man7.org/linux/man-pages/man7/user_namespaces.7.html
|
|
short_description: >
|
|
A Linux kernel feature to emulate superuser privilege for unprivileged users.
|
|
|
|
aka:
|
|
tags:
|
|
- security
|
|
---
|
|
|
|
A kernel feature to emulate root. Used for "rootless containers".
|
|
|
|
<!--more-->
|
|
|
|
User namespaces are a Linux kernel feature that allows a non-root user to
|
|
emulate superuser ("root") privileges,
|
|
for example in order to run containers without being a superuser outside the container.
|
|
|
|
User namespace is effective for mitigating damage of potential container break-out attacks.
|
|
|
|
In the context of user namespaces, the namespace is a Linux kernel feature, and not a
|
|
{{< glossary_tooltip text="namespace" term_id="namespace" >}} in the Kubernetes sense
|
|
of the term.
|
|
|
|
<!-- TODO: https://kinvolk.io/blog/2020/12/improving-kubernetes-and-container-security-with-user-namespaces/ -->
|