samba-domain
Enable unprivileged containers
This includes two features that make it possible to run unprivileged. 1. Setting the XID range with `IDLOWER` and `IDUPPER` (in order to fit within a container-remapped UID range of 0-65535) and 2. Setting `ACLSTORAGE` to `userns` which provides some options to the storage modules to record ACL data in a namespace where an unprivileged container can get at it. See changes in README.md for more info.
These changes are based on a significant amount of research and tinkering and may not be 100% correct, but they seem to work in the home-lab environment I've tested with so far. Feedback welcome.
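
A pre-flight check for the first feature described above, as an added example that is not part of this pull request or the project's own code: it verifies that the range given by `IDLOWER` and `IDUPPER` is fully covered by a user-namespace ID map in the `/proc/<pid>/uid_map` format. The function name `range_fits_map` and the sample map and range values are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not project code): check that an ID range is fully mapped
# inside a user namespace before handing it to the container as IDLOWER/IDUPPER.
# Map line format, per user_namespaces(7):
#   <first-id-inside> <first-id-outside> <count>

# range_fits_map LOW HIGH [MAPFILE]
# Returns 0 if every ID in [LOW, HIGH] is mapped, 1 if any ID is unmapped,
# 2 if the arguments are not a valid numeric range.
range_fits_map() {
    local low=$1 high=$2 map=${3:-/proc/self/uid_map} v
    for v in "$low" "$high"; do
        case "$v" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$low" -le "$high" ] || return 2
    # Sort extents by their inside start, then extend coverage upward from LOW.
    sort -n -k1,1 "$map" | awk -v low="$low" -v high="$high" '
        BEGIN { next_id = low }
        NF == 3 {
            start = $1; end = $1 + $3 - 1
            if (start <= next_id && end >= next_id) next_id = end + 1
        }
        END { exit (next_id > high ? 0 : 1) }
    '
}

# Demo with a constructed map: container IDs 0-65535 mapped to host 100000+.
demo_map=$(mktemp)
printf '0 100000 65536\n' > "$demo_map"
for range in "3000 60000" "3000000 4000000"; do
    set -- $range
    if range_fits_map "$1" "$2" "$demo_map"; then
        echo "IDLOWER=$1 IDUPPER=$2: fits inside the mapped range"
    else
        echo "IDLOWER=$1 IDUPPER=$2: contains unmapped IDs"
    fi
done
rm -f "$demo_map"
```

Run inside the container without the third argument to test against the live `/proc/self/uid_map`; the same check applies to `/proc/self/gid_map` for group IDs.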