Peter Babič @peterbabic@fosstodon.org

1.07 MiB

This is a major gamechanger, finally - entering the namespace

nsenter -U --preserve-credentials -n -m -t $(cat $XDG_RUNTIME_DIR/docker.pid)

Hiding in plain sight:

Rootless mode executes the Docker daemon and containers inside a user namespace. This is very similar to userns-remap mode, except that with userns-remap mode, the daemon itself is running with root privileges, whereas in rootless mode, both the daemon and the container are running without root privileges.

https://docs.docker.com/engine/security/rootless/#how-it-works

Here are some useful hints finally https://docs.whitespots.io/practices-implementation/design/best-practices-for-developers/devops/docker/running-docker-in-rootless-mode-in-ubuntu

Why do I do this to myself, this is such a massive rabbit hole.

Can/should rootless Docker be used with userns-remap? Searched Interwebs hi-and-lo, twice already.

For everyone who loves to cheat in games, and ones that contain letters in particular, here's a tip:

https://www.dcode.fr/word-search-regexp

Isn't it amazing to think that the Sixth edition of Unix was 2.3% the size of a base Wordpress install?

now I am puzzled: every rootless container has the same namespace in /proc/self/uid_map

0 1000 1
1 165536 65536

I would expect the numbers 165536 and 65536 to be different in every container. At least this is how I imagined the namespace *isolation*

A calendar from 2011 can be used this year.

TIL that operating systems terminology contains "trap" word which is related to interrupts.

Found on the end of charm.sh page

haters > /dev/null™

FreeCAD allows to insert 5.75/2 into the radius column and calculates the value for you. Nice when working with diameters. mindblown

Updated Arch. Now FreeCAD has monospace font all over it. Hmm

Nuff said

Some notifications came to me here that are 7d and 16d old. Any explanation?