Exam4Training

Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?

Solution: user
A. Yes
B. No

Answer: A

Explanation:

The user namespace is a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used. The user namespace allows the host system to map its own uid and gid to some different uid and gid for containers’ processes. This improves the security of Docker by isolating the user and group ID number spaces, so that a process’s user and group ID can be different inside and outside of a user namespace [1]. To enable the user namespace, the daemon must be started with the --userns-remap flag with a parameter that specifies base uid/gid [2]. All containers are run with the same mapping range according to /etc/subuid and /etc/subgid [3].

References:

[1] Isolate containers with a user namespace
[2] Using User Namespaces on Docker
[3] Docker 1.10 Security Features, Part 3: User Namespace
