Quoting Patrick Toomey ([email protected]):
> > Hm, yes, because 'lxc-execute' starts the container with "lxc-init" as
> > the pid 1, which then executes the program you requested. You could
> >
> > 1. do something like lxc-execute -- sudo --user \#1000 bash
> >
> I thought of that, but it seems sudo won't work since sudo/suid root
> binaries won't work from the container (part of the goal). I get the
> following error
>
> sudo: error in /etc/sudo.conf, line 0 while loading plugin `sudoers_policy'
> sudo: /usr/lib/sudo/sudoers.so must be owned by uid 0
>
> The above makes sense because /usr/lib/sudo/sudoers.so is owned by
> nobody/nogroup since those uids are not mapped inside the container.

Why is that? Are you bind-mounting /usr or / from the host? Generally if
you've created a full container, the rootfs should be uid-shifted so that
/usr/lib/sudo/sudoers.so should be owned by uid 0 in the container

> > 2. actually start the full container using lxc-start, then ssh in as your
> > user.
> >
> Yeah, this is an option..but was hoping to have something with less
> configuration overhead for running trivial executables from the host
> system.

Ok, so are you actually wanting to run programs on the host, as non-root
user, inside a container? Or do you have a full container rootfs under
~/.local/share/lxc/$container/rootfs ?

> > Hm, are you doing this nested, i.e. from inside a container? For some
> > reason you are in a network namespace different from cgmanager's. You
> > can confirm this by doing
> >
> > ls -li /proc/self/ns/pid
> > ls -li /proc/`pidof cgmanager`/ns/pid
> >
> I'm running this from an ubuntu 14.10 install on vmware. It looks like
> they are in the same namespace:
>
> my_user@ubuntu:~$ ls -li /proc/self/ns/pid
> 32153 lrwxrwxrwx 1 my_user my_user 0 Feb 26 00:21
> /proc/self/ns/pid -> pid:[4026531836]
> my_user@ubuntu:~$ sudo ls -li /proc/`pidof cgmanager`/ns/pid
> 10252 lrwxrwxrwx 1 root root 0 Feb 25 16:42 /proc/620/ns/pid ->
> pid:[4026531836]
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
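
The ownership question raised in the message above, worked through as an added example that is not part of the original thread or of LXC's code: it applies the kernel's uid_map translation to show why a file owned by host uid 0 appears as nobody inside an unprivileged container, while a uid-shifted rootfs passes sudo's "must be owned by uid 0" check. The 100000/65536 mapping and all function names are assumptions made for the illustration.

```python
OVERFLOW_UID = 65534  # kernel default overflowuid, displayed as "nobody"

# Constructed sample of /proc/<pid>/uid_map for an unprivileged container:
# container uids 0..65535 are backed by host uids 100000..165535 (assumed range).
SAMPLE_UID_MAP = "         0     100000      65536\n"


def parse_uid_map(text):
    """Return (inside_start, outside_start, count) tuples from uid_map text."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges


def uid_seen_inside(host_uid, ranges):
    """Translate a file's on-disk (host) owner uid to the uid the container sees."""
    for inside, outside, count in ranges:
        if outside <= host_uid < outside + count:
            return inside + (host_uid - outside)
    return OVERFLOW_UID  # unmapped owners collapse to the overflow uid


def passes_root_owner_check(host_uid, ranges):
    """True if a check like sudo's 'must be owned by uid 0' would pass inside."""
    return uid_seen_inside(host_uid, ranges) == 0


if __name__ == "__main__":
    ranges = parse_uid_map(SAMPLE_UID_MAP)
    cases = [
        ("host /usr bind-mounted, file owned by host uid 0", 0),
        ("uid-shifted rootfs, file owned by host uid 100000", 100000),
    ]
    for label, owner in cases:
        seen = uid_seen_inside(owner, ranges)
        print(f"{label}: container sees uid {seen}, "
              f"root-owner check passes: {passes_root_owner_check(owner, ranges)}")
```
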
