Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend the default subuid range from 64k to 1G #1227

Closed
AkihiroSuda opened this issue Dec 7, 2022 · 2 comments · Fixed by #2725
Closed

Extend the default subuid range from 64k to 1G #1227

AkihiroSuda opened this issue Dec 7, 2022 · 2 comments · Fixed by #2725
Labels
component/nerdctl enhancement New feature or request
Milestone
v1.0

Comments

@AkihiroSuda
Copy link
Member

For:
@AkihiroSuda AkihiroSuda added enhancement New feature or request component/nerdctl labels Dec 7, 2022
@ningziwen
Copy link
Contributor

If the subuid range is limited, no matter how large it is, there can be an image that exceeds it.

I think we may want to think several questions before changing the default value:

  1. Is it really necessary to keep the uid/gid that large in the extramely large uid/gid use cases?
  2. If yes for 1, how common are the extremely large uid/gid use cases? If it is rare, does it make more sense to make it configurable instead of changing the default value?
  3. What is the side effect of making subuid range large?
    (unless you know better ones)

@AkihiroSuda AkihiroSuda mentioned this issue Jan 22, 2023
Closed
@AkihiroSuda AkihiroSuda added this to the v1.0 milestone Oct 8, 2024
@AkihiroSuda AkihiroSuda mentioned this issue Oct 11, 2024
Merged
@AkihiroSuda AkihiroSuda changed the title Extend the default subuid range from 64k to > 2G Extend the default subuid range from 64k to 1G Oct 11, 2024
@AkihiroSuda
Copy link
Member Author

  1. Is it really necessary to keep the uid/gid that large in the extramely large uid/gid use cases?

Yes, because users can't change the UIDs used in the image without modifying Dockerfile and rebuilding it.
Conceptually we could just hook syscalls to fake UIDs (https://github.com/rootless-containers/subuidless) but it is not matured.

  1. If yes for 1, how common are the extremely large uid/gid use cases? If it is rare, does it make more sense to make it configurable instead of changing the default value?

Probably rare, and the user can just modify the uid range with vi /etc/subuid /etc/subgid.

  1. What is the side effect of making subuid range large?
    (unless you know better ones)

It will become hard to allocate subuids without conflicting with other primary users on multi-user env, but it is unlikely to be a problem for Lima.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/nerdctl enhancement New feature or request
Projects
None yet
Milestone
v1.0
Development

Successfully merging a pull request may close this issue.

rootless: allocate 1G subuids from 524288 (0x80000) AkihiroSuda/lima-vm-lima
2 participants
@ningziwen @AkihiroSuda