Minimal tool (when compiled with CFLAGS='-s', the binary is around 10Kb) for launching a program into a new user namespace and have multiple users mapped.
The subuidmap and subgidmap tools are required for setting up the
user namespace.
The current user is mapped to the root user into the namespace, while
any additional uid/gid in /etc/subuid and /etc/subgid is mapped
starting with the ID 1.
Assuming you have the autotools and gcc installed:
$ ./autogen.sh && ./configure && makeSome options are available:
a: create all the namespacesc: create a CGroup namespacei: create an IPC namespacem: create a mount namespacen: create a network namespacep: create a PID namespace and forku: create an UTS namespaceP: mount a new/procS: mount a new/sysN: configure the network with slirp4netns
$ become-root unshare -m echo hi from a new user and mount namespace
hi from a new user and mount namespace
$ become-root cat /proc/self/uid_map
0 1000 1
1 110000 65536
$ become-root id
uid=0(root) gid=0(root) groups=0(root),65534(nfsnobody) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ become-root -aPS ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 246344 2016 pts/7 R+ 13:58 0:00 ps aux