Think of yourself working on a managed Linux server, just using a normal user identity, without any way to use root at all. Lazy and paranoid system administrators refuse to install any new packages.
Docker, Podman, and other container runtimes are not currently installed on the system.
In this case, is there any way for me to run a Docker/OCI image? I know there will be many limitations in rootless Docker, but I can accept these limitations.
/sbin/sysctl user.max_user_namespaces doesn't return 0 and (if the patch for this entry exists) /sbin/sysctl kernel.unprivileged_userns_clone returns 1 or doesn't exist. With these, you can run a very very limited container-like setup. If in addition the privileged commands newuidmap and newgidmap are available, much more can be made possible. So what do you have available?
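The checks named in the reply above, collected into one script that needs no root. This is an added example, not part of the original post; the function names and the labels none/limited/extended/unknown are this example's own, and treating a missing user.max_user_namespaces key as "unknown" is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the cases
# described above applies to the current, unprivileged account.

# classify_userns MAX_NS CLONE IDMAP   (hypothetical helper)
#   MAX_NS: user.max_user_namespaces value, "" if the key is missing
#   CLONE : kernel.unprivileged_userns_clone value, "" if the key is missing
#   IDMAP : "yes" when both newuidmap and newgidmap were found
classify_userns() {
    case "$1" in
        "") echo unknown; return 0 ;;   # assumption: absent key = cannot tell
        0)  echo none;    return 0 ;;   # limit of 0 disables user namespaces
    esac
    # The clone knob exists only on patched kernels; absent means no extra gate.
    if [ -n "$2" ] && [ "$2" != 1 ]; then
        echo none; return 0
    fi
    if [ "$3" = yes ]; then
        echo extended   # newuidmap/newgidmap present: more can be made possible
    else
        echo limited    # only the very limited container-like setup
    fi
}

# Read a sysctl key quietly; prints nothing if the key or the tool is missing.
read_key() {
    /sbin/sysctl -n "$1" 2>/dev/null || true
}

# Print "yes" only when both ID-mapping helpers are on PATH.
have_idmap() {
    if command -v newuidmap >/dev/null 2>&1 &&
       command -v newgidmap >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

result=$(classify_userns "$(read_key user.max_user_namespaces)" \
                         "$(read_key kernel.unprivileged_userns_clone)" \
                         "$(have_idmap)")
echo "unprivileged user namespaces: $result"
```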