README: reword id mapping restrictions when unpriv

author Christian Brauner <christian.brauner@ubuntu.com>

Mon, 29 May 2017 04:02:24 +0000 (06:02 +0200)

committer Christian Brauner <christian.brauner@ubuntu.com>

Mon, 29 May 2017 04:02:24 +0000 (06:02 +0200)
author Christian Brauner <christian.brauner@ubuntu.com>
Mon, 29 May 2017 04:02:24 +0000 (06:02 +0200)
committer Christian Brauner <christian.brauner@ubuntu.com>
Mon, 29 May 2017 04:02:24 +0000 (06:02 +0200)
diff --git a/README.md b/README.md

index e03e3479911a2d1d333fca260b040be2b517da76..7dfb8a34c86af70e78b655b7ef419bfc8cef15eb 100644 (file)
--- a/README.md
+++ b/README.md
@@ -70,10 +70,10 @@ quite restricted. Just to highlight the two most common problems:
     inside of the container will not be able to boot up correctly.
  
  2. User Namespaces: As outlined above, user namespaces are a big security
-   enhancement. However, users which are unprivileged on the host will only be
-   able to establish a mapping for their own UID if they do not rely on
-   privileged helpers. A standard POSIX system however, requires 65536 UIDs and
-   GIDs to be available to guarantee full functionality.
+   enhancement. However, without relying on privileged helpers users who are
+   unprivileged on the host are only permitted to map their own UID into
+   a container. A standard POSIX system however, requires 65536 UIDs and GIDs
+   to be available to guarantee full functionality.
  
  ## Configuration
author	Christian Brauner <christian.brauner@ubuntu.com>
	Mon, 29 May 2017 04:02:24 +0000 (06:02 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Mon, 29 May 2017 04:02:24 +0000 (06:02 +0200)