Replies: 1 comment
-
Different namespaces have their own uid sets. Rootless basically creates a child namespace and maps uid 0 (the root superuser on Linux) in the child namespace to the normal uid in the parent namespace, which creates a fake root user. From the comment,
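The uid mapping described in the reply above, as an added example that is not part of the original thread or of nerdctl's code: it parses the kernel's `uid_map` format and translates IDs across the user-namespace boundary. The sample maps (host uid 1000, subordinate range starting at 100000) and all function names are constructed for illustration.

```python
from typing import List, Optional, Tuple

Extent = Tuple[int, int, int]  # (first uid inside, first uid outside, length)

# Constructed sample: a possible /proc/<pid>/uid_map for a rootless container
# started by host uid 1000 with a subordinate uid range at 100000.
ROOTLESS_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""
# Constructed sample: the identity map seen in the initial (host) namespace.
ROOTFUL_UID_MAP = "         0          0 4294967295\n"


def parse_uid_map(text: str) -> List[Extent]:
    """Parse uid_map lines of the form 'inside-start outside-start length'."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0:
            raise ValueError(f"non-positive extent length: {line!r}")
        extents.append((inside, outside, length))
    return extents


def to_host_uid(extents: List[Extent], container_uid: int) -> Optional[int]:
    """Translate a uid inside the namespace to the parent's uid, or None if unmapped."""
    for inside, outside, length in extents:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def to_container_uid(extents: List[Extent], host_uid: int) -> Optional[int]:
    """Translate a parent uid into the namespace; unmapped uids have no identity there."""
    for inside, outside, length in extents:
        if outside <= host_uid < outside + length:
            return inside + (host_uid - outside)
    return None


def is_fake_root(extents: List[Extent]) -> bool:
    """True when uid 0 inside the namespace is an unprivileged uid in the parent."""
    host_uid = to_host_uid(extents, 0)
    return host_uid is not None and host_uid != 0
```

Host uid 0 has no entry in the rootless map, so `to_container_uid` returns `None` for it: nothing inside the namespace runs as the real root.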
-
Hi all,
I am new to nerdctl and containers in general.
I noticed a difference in behavior between rootful and rootless mode in the way ports are exposed in the "nerdctl run --publish hostport:containerport" command.
In rootless mode I can connect to the listening socket even when there is no server running on a container port.
For example:
However in rootful mode, the socket is not exposed and I can't connect to it from a client.
I traced the code to
nerdctl/pkg/ocihook/ocihook.go
Line 436 in cffdf87