On 15/07/2019 06:16, Nicholas D Steeves wrote: > Package: wnpp > Severity: wishlist > > Package name : fuidshift > Version : 3.0 > Upstream Author : Name <somebody@example.org> > URL : https://github.com/lxc/lxd/tree/master/fuidshift > License : Apache 2.0 > Programming Lang: Go > Description : remap a filesystem tree to shift one set of UID/GID ranges to another > > Fuidshift is useful for converting privileged containers to > unprivileged ones, and also to adapt a container master to multiple > users' authorised subuid and subguid ranges. It also sounds like it > might be useful for fixing up cases where --numeric-owner should have > been used, but where it would be too labour-intensive to manually chown. > > I learned about this tool via the following document: > https://github.com/BenSartor/unprivileged-lxc-containers > > Here is the upstream description: > > This tool lets you remap a filesystem tree, switching it from one > set of UID/GID ranges to another. > This is mostly useful when retrieving a wrongly shifted filesystem tree > from a backup or broken system and having to remap everything either to > the host UID/GID range (uid/gid 0 is root) or to an existing container's > range. > A range is represented as <u|b|g>:<first_container_id>:<first_host_id>:<size>. > Where "u" means shift uid, "g" means shift gid and "b" means shift uid and gid. > > https://github.com/lxc/lxd/blob/81b81b9ace3064c8065319f4e984378244587d80/fuidshift/main_shift.go#L26-L36 > > It's part of the LXD project, but I'm not sure if it's as difficult to > package as LXD itself, which is one reason why I've CCed the Go team. > I also wonder if the best way to get this into Debian would be a > src:lxd that produces bin:fuidshift. > > An alternative to this, written on C, is uidmapshift that can be found at https://code.launchpad.net/~serge-hallyn/+junk/nsexec Its packaged for Arch, see: https://wiki.archlinux.org/index.php/Linux_Containers#Converting_a_privileged_container_to_an_unprivileged_container
Attachment:
signature.asc
Description: OpenPGP digital signature