On Sat, 2017-01-28 at 20:27 -0800, Mike Wright wrote:
> On 01/28/2017 02:10 PM, Patrick O'Callaghan wrote:
> > Decided to try this, but there's a dependency on something called
> > uidmap which doesn't seem to exist for Fedora (according to both dnf
> > search and Google).
>
> uid/gid remapping is only required for unprivileged containers. In your
> situation that may not be a consideration. IOW, if your system is
> locked down, a limited purpose/access VM is probably as safe as its host.
> Firewall it so as to not allow NEW inbound connections.

I could have used a VM from the start, but was hoping to avoid the
overhead. That's what containers are meant to provide. I would really
prefer it to be unprivileged.
It's odd that Fedora doesn't seem to support this. I'll have to dig
deeper. Maybe it's just there under another name.
poc