Unprivileged Containers, with Transient User Namespaces and ID Mapping, but Without SETUID Binaries
Presenters Lennart Poettering Source All Systems Go! 2025 🚀 Unveiling Transient UID Delegation: A New Era for Unprivileged Containers 🤖 The world of containerization is constantly evolving, and a recent presentation spotlighted a truly innovative approach: Transient UID Delegation. Forget the traditional complexities of subuid/subgid assignments – this new model focuses on providing temporary, on-demand UID ranges for containers, opening up exciting possibilities for enhanced security and simplified management. Let’s dive in! ...