NEWS: mention temporary limitations for running containers in systemd-homed directories

2024-07-24 03:36:24 +00:00 · 2022-01-27 10:39:47 +01:00 · 2022-01-27 10:39:47 +01:00 · 7e7a9f9c8b
parent a21440f6d6
commit 7e7a9f9c8b
1 changed files with 13 additions and 0 deletions
--- a/13
+++ b/13
@ -12,6 +12,19 @@ CHANGES WITH 251:
        * Services with Restart=always and a failing ExecCondition= will no longer
          be restarted, to bring ExecCondition= in line with Condition*= settings.

+        * In v250 systemd-homed started making use of UID mapped mounts for the
+          home areas if the kernel and used file system support it. Files are
+          now internally owned by the "nobody" user (i.e. the user typically
+          used for indicating "this ownership is not mapped"), and dynamically
+          mapped to the UID used locally on the system via the UID mapping
+          mount logic of recent kernels.
+          In the current implementation systemd-homed only maps a limited
+          number of UIDs and GIDs making it impossible to run unprivileged
+          containers that want to map a full POSIX compliant UID and GID range
+          with their rootfs located within the systemd-homed managed home area.
+          This will be fixed in subsequent releases. See
+          https://github.com/systemd/systemd/pull/22239 for a proposal.
+
 CHANGES WITH 250:

        * Support for encrypted and authenticated credentials has been added.