author: Daniel Baumann <daniel.baumann@progress-linux.org> 2019-02-23 15:36:10 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2019-02-23 16:30:59 +0000
commit: 93d59c3176876b0990b27375458cf6518459bb07
tree: 85403b3d9ac7f9df4b91195124b342dee81ec640 /share/doc/HOST-SETUP.txt
parent: Releasing debian version 20180825-3.
Merging upstream version 20190222.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'share/doc/HOST-SETUP.txt')
-rw-r--r-- share/doc/HOST-SETUP.txt | 39
1 files changed, 29 insertions, 10 deletions
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
index 74b7333..d2e4216 100644
--- a/share/doc/HOST-SETUP.txt
+++ b/share/doc/HOST-SETUP.txt
@@ -1,5 +1,5 @@
-container-tools: Host Setup
-===========================
+compute-tools: Host Setup
+=========================
1. Debian Packages
@@ -180,14 +180,33 @@ iface br100 inet static
EOF
-4. Enabling container-shell
+4. Enabling user namespace for unprivileged containers
+------------------------------------------------------
+
+Linux supports unprivileged containers with the user namespace.
+By default the user namespace is disabled on Debian systems (see #898446).
+To enable user namespace, edit the following file for a permant change:
+
+ /etc/sysctl.d/zz-compute-tools.conf
+ sysctl -p
+
+or enable it manually with:
+
+ echo 1 > /proc/sys/kernel/unprivileged_userns_clone
+
+Note that containers need to be started with the correct
+configuration in /etc/compute-tools/container/config to run unpriviled
+(private-users option).
+
+
+5. Enabling container-shell
---------------------------
-Managing containers requires root privileges. In order to allow unprivileged
-users to manage containers without granting them privileges or accounts,
-the container-shell can be used together with sudo and a container user.
+Managing privileged containers requires root privileges. In order to allow
+unprivileged users to manage privileged containers without granting them
+privileges or accounts, the container-shell can be used together with sudo
+and a container user.
- sudo adduser --gecos "container-tools,,," \
- --home /var/lib/machines/container-tools \
- --shell /usr/bin/container-shell \
- --no-create-home container
+ sudo adduser --gecos "compute-tools,,," \
+ --home /var/lib/open-infrastructure/container-shell \
+ --shell /usr/bin/container-shell
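Review bot: `sysctl -p` without a file argument only reloads /etc/sysctl.conf, so the two lines under "edit the following file for a permanent change" will not apply /etc/sysctl.d/zz-compute-tools.conf; use `sysctl -p /etc/sysctl.d/zz-compute-tools.conf` or `sysctl --system`, and show the setting the reader is expected to put in that file (the text only names the knob through its /proc path, /proc/sys/kernel/unprivileged_userns_clone, which corresponds to `kernel.unprivileged_userns_clone = 1`). Since the text cites #898446 for Debian disabling this by default, a sentence saying that enabling it exposes additional kernel surface to unprivileged users, so it belongs only on hosts intended to run unprivileged containers, would let the reader weigh the change. Two typos: "permant" should be "permanent" and "unpriviled" should be "unprivileged". In the adduser block, the removed command ended with `--no-create-home container`, while the replacement as shown stops at `--shell /usr/bin/container-shell`; confirm the trailing user-name argument (and the --no-create-home choice) still follow, since the hunk ends there.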