I’ve set up UID/GID remapping in order to share a disk with the host and this works wonderfully. However, I noticed that my processes are also UID-remapped.
For instance, with the following enabled for my container:
My concern is about the last process. In my understanding, the UID remapping was only for disk access, but it seems the full process is UID-remapped?
Does it mean that if someone breaks out of the container they will have access to the host as the 1000 user? Doesn’t this defeat the goal of UID-shifting?
I’m not sure I understand the consequences of remapping a UID well. Can you confirm whether my hypotheses above are correct?
In case they are correct, what are my solutions to share disks with the host and still keep the UID-shift intact?
I see shiftfs, but is it a viable solution? I didn’t see much documentation about it and this looks relatively new.
Is there any other solution (other than some UID/ACL hacking on the host)?
Note: This explanation is for shiftfs!
Not really, it’s more complicated than that.
Users from the container will not have host access.
But a root or sudo user inside a container can set the uid of a file on the host and then a user on the host could use it to get root access.
But there are ways to prevent it.
See: Trying out shiftfs - comment 48, Trying out shiftfs - comment 54
I’ve set up my container with a shared disk and shiftfs and it’s working as I wanted it. I still have to create a new partition to forbid nosuid,nodev on mount.
Thank you for the documentation and especially for the GitHub to add the shiftfs module to the kernel. You have my star.
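A host-side check for the `nosuid,nodev` mount flags mentioned in the last post, plus a scan for the setuid/setgid files and device nodes those flags neutralize. This is an added example, not part of the original thread; it assumes a Linux host and an absolute, normalized path, and the `/srv/...` paths and sample mount table are constructed.

```shell
#!/bin/sh
# Added example: audit a host directory that is shared into a container.
# Paths and the sample mountinfo below are constructed for illustration.

# Print the mount options of the mount that contains path $1.
# $2 = mountinfo file ("-" for stdin); defaults to the live table.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $5    # field 5: mount point, field 6: per-mount options
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); opts = $6 }
        }
        END { print opts }
    ' "${2:-/proc/self/mountinfo}"
}

# Print which of nosuid/nodev are absent from the option string $1.
missing_hardening() {
    missing=""
    for want in nosuid nodev; do
        case ",$1," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# List setuid/setgid regular files and device nodes under directory $1.
risky_entries() {
    find "$1" -xdev \( \( -type f \( -perm -4000 -o -perm -2000 \) \) \
        -o -type b -o -type c \) -print
}

# Constructed sample in /proc/self/mountinfo format.
sample_mountinfo() {
    cat <<'EOF'
21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
45 21 8:17 / /srv/share rw,nosuid,nodev,relatime shared:20 - ext4 /dev/sdb1 rw
46 21 8:18 / /srv/legacy rw,relatime shared:21 - ext4 /dev/sdc1 rw
EOF
}

# Usage: sh audit.sh /path/to/shared/dir
if [ $# -gt 0 ]; then
    echo "missing mount flags: $(missing_hardening "$(mount_opts_for "$1")")"
    risky_entries "$1"
fi
```

An empty "missing mount flags" line and no listed entries mean the share is mounted with both flags and currently holds no setuid/setgid files or device nodes.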