> Why is that? Are you bind-mounting /usr or / from the host? Generally > if you've created a full container, the rootfs should be uid-shifted so that > /usr/lib/sudo/sudoers.so should be owned by uid 0 in the container >
Yeah, I was using lxc-excute with "default isolation". I fully understand/appreciate the downsides of not using a container will a full rootfs, but I had a very specific use case in mind. > Ok, so are you actually wanting to run programs on the host, as non-root > user, inside a container? Or do you have a full container rootfs under > ~/.local/share/lxc/$container/rootfs ? > Yup, my goal was to just launch `some_random_command_line_utility` on the host, as non-root, and apply a policy that provides some extra assurances above/beyond (seccomp, no other valid uid mappings, possibly an apparmor profile, etc) what executing the process as a low privilege user would have on its own. _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
