
Selinux_userns.md


Edit kernel boot arguments

# Add user_namespace.enable=1 to the kernel command line of the default
# boot entry.
# NOTE(review): presumably this kernel ships with user namespaces switched
# off and needs the argument to turn them on; confirm for your release.
# Once enabled (together with a non-zero user.max_user_namespaces), the
# feature is available to every local account, not only to Docker, so
# treat it as added kernel attack surface and keep the kernel patched.
default_kernel="$(grubby --default-kernel)"
grubby --update-kernel="${default_kernel}" --args="user_namespace.enable=1"

# Kernel arguments are only read at boot, so restart the host now.
reboot

update sysctl

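# Persist the per-user limit on user namespaces in /etc/sysctl.conf and load
# it. 15000 is the value chosen by this guide; size it for your container
# count rather than copying it blindly.
# The grep guard makes the step idempotent: re-running the guide no longer
# appends a duplicate line each time.
if ! grep -qxF -- 'user.max_user_namespaces=15000' /etc/sysctl.conf; then
  echo "user.max_user_namespaces=15000" >> /etc/sysctl.conf
fi

# Re-read /etc/sysctl.conf so the limit applies without another reboot.
sysctl -p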

install Docker CE

# yum-utils provides yum-config-manager (used on the next line); vim is only
# an editor convenience.
yum -y install yum-utils vim

# Register Docker's upstream CentOS repository; the .repo file is fetched
# over HTTPS from download.docker.com.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# NOTE(review): -y also answers "yes" to the repository GPG key import
# prompt, so the key fingerprint is never shown for manual comparison.
# On hosts where provenance matters, import and verify the key against the
# fingerprint published in Docker's install documentation first.
# The package is unpinned, so whatever docker-ce version is current in the
# repo gets installed.
yum -y install docker-ce

# Start the daemon at boot and bring it up now.
for action in enable start; do
  systemctl "${action}" docker
done

add subuid/subgid

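# Reserve a subordinate UID and GID range for the dockremap account, in the
# name:first_id:count format of /etc/subuid and /etc/subgid. With this entry
# container UID/GID 0 maps to host ID 123000, and the range covers
# 123000..188535.
# Before applying, check that this range does not overlap another entry in
# these files or the IDs of real accounts on the host; an overlap would let
# container processes share file ownership with a host user.
# The guard keeps the step idempotent: an existing dockremap entry is left
# alone instead of gaining a duplicate line on every run.
for id_map in /etc/subuid /etc/subgid; do
  if grep -q '^dockremap:' "${id_map}" 2>/dev/null; then
    echo "dockremap already present in ${id_map}; leaving it unchanged" >&2
  else
    echo "dockremap:123000:65536" >> "${id_map}"
  fi
done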

update daemon.json

# Write the Docker daemon configuration:
#   selinux-enabled: true   -> turn on the daemon's SELinux support
#   userns-remap: "default" -> remap container IDs through the dockremap
#                              account's subordinate ranges
# NOTE(review): the redirect replaces any existing /etc/docker/daemon.json;
# merge by hand if the host already carries daemon settings.
# NOTE(review): with remapping on, Docker keeps its data in a separate
# per-mapping directory, so previously pulled images and existing containers
# will appear to be missing; confirm before applying to a host in use.
cat > /etc/docker/daemon.json <<'EOF'
{
 "selinux-enabled": true,
 "userns-remap": "default"
}
EOF

# Restart so the daemon picks up the new configuration. Afterwards, check
# that `docker info` lists both selinux and userns among its security options.
systemctl restart docker