How to make /etc writable inside user namespace for kubelet in userns

In the Kubernetes documentation on running kubelet in a user namespace, https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/, one of the requirements is:

At least, the following directories need to be writable in the namespace (not outside the namespace):

/etc

How can this be achieved inside the user namespace?

The section of the documentation you quoted above explains:

After unsharing the user namespace, you will also have to unshare other namespaces such as mount namespace.

You do not need to call chroot() nor pivot_root() after unsharing the mount namespace, however, you have to mount writable filesystems on several directories in the namespace.
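
One way to do what the quoted documentation describes, as an added example that is not part of the original answer or the Kubernetes documentation: unshare the user and mount namespaces together, then mount a writable tmpfs copy over /etc inside them. It assumes util-linux `unshare` and a kernel that permits user namespaces; the function names and the `userns-probe` file are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Kubernetes docs. Function names are hypothetical.
# Assumes util-linux unshare/mount and a kernel that permits user namespaces.

# Probe: can this process create user+mount namespaces and mount tmpfs there?
userns_available() {
  unshare --user --map-root-user --mount \
    sh -c 'mount -t tmpfs tmpfs /etc' >/dev/null 2>&1
}

# Run "$@" in new user+mount namespaces where /etc is a private, writable
# tmpfs copy. No chroot()/pivot_root() is involved; the host /etc is untouched.
run_with_writable_etc() {
  unshare --user --map-root-user --mount sh -c '
    set -eu
    stage=$(mktemp -d)
    mount -t tmpfs -o mode=0755 tmpfs "$stage"
    # Files the caller cannot read (e.g. /etc/shadow) are skipped.
    cp -RP /etc/. "$stage"/ 2>/dev/null || true
    mount --bind "$stage" /etc      # writable only inside this namespace
    umount "$stage" && rmdir "$stage"
    exec "$@"
  ' sh "$@"
}

# Write to /etc inside the namespace, then confirm nothing leaked outside.
demo() {
  run_with_writable_etc sh -c 'touch /etc/userns-probe && echo inside:writable'
  if [ -e /etc/userns-probe ]; then echo outside:leaked
  else echo outside:untouched; fi
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh script.sh demo`; the same `run_with_writable_etc` wrapper can be applied to any command that needs a writable /etc in the namespace.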