Hello,

I do the following in my ~/.config/lxc/default.conf:

# Container specific configuration
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535
# uid and gid 1000 isn’t translated so that the container can access the
# X socket and dri and snd and video0 devices
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1

I was wondering compared to an unprivileged container where I simply
map:

lxc.id_map=u 0 100000 65536
lxc.id_map=g 0 100000 65536

1) Am I significantly more vulnerable when I preserve the uid/gid of my
unprivileged user on the host for my user in the container?

2) And is there a different solution which would allow me to grant
access to the sound and video devices in /dev/snd and /dev/dri to the
user in my unprivileged container while still preserving the standard
mapping:

lxc.id_map=u 0 100000 65536
lxc.id_map=g 0 100000 65536

Best,
Christian
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
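
The difference between the two mappings in the message above, as an added Python illustration (not part of the original message and not LXC code): it parses both sets of lxc.id_map lines, translates container ids to host ids, checks the entries for overlaps, and lists the entries that reach host ids outside 100000-165535. Treating that range as the user's subordinate id range is an assumption taken from the standard mapping, and the function names are hypothetical.

```python
from itertools import combinations
from typing import NamedTuple

# Mappings copied from the message above (comment lines left out).
SPLIT_CONF = """\
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
"""
STANDARD_CONF = "lxc.id_map=u 0 100000 65536\nlxc.id_map=g 0 100000 65536\n"

class IdMap(NamedTuple):
    kind: str   # "u" (uid) or "g" (gid)
    ct: int     # first id inside the container
    host: int   # first id on the host
    size: int   # number of consecutive ids

def parse_id_maps(conf):
    """Collect lxc.id_map entries, skipping comments and other keys."""
    maps = []
    for line in conf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "lxc.id_map":
            kind, *nums = value.split()
            maps.append(IdMap(kind, *map(int, nums)))
    return maps

def to_host(maps, kind, ct_id):
    """Host id behind a container id, or None when the id is unmapped."""
    for m in maps:
        if m.kind == kind and m.ct <= ct_id < m.ct + m.size:
            return m.host + ct_id - m.ct
    return None

def _meet(s1, n1, s2, n2):
    return s1 < s2 + n2 and s2 < s1 + n1

def overlapping(maps):
    """Same-kind pairs whose container or host ranges intersect."""
    return [(a, b) for a, b in combinations(maps, 2) if a.kind == b.kind
            and (_meet(a.ct, a.size, b.ct, b.size)
                 or _meet(a.host, a.size, b.host, b.size))]

def outside_range(maps, start=100000, size=65536):
    """Entries reaching host ids outside [start, start + size).
    The default range is an assumption taken from the standard mapping."""
    return [m for m in maps if m.host < start or m.host + m.size > start + size]
```

With the split mapping, container uid and gid 1000 translate to host id 1000 and are the only entries reported by outside_range; with the standard mapping the same container id translates to 101000 and nothing is reported.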