On Thu, Oct 01, 2015 at 04:54:08PM -0500, Luis Michael Ibarra wrote:
> Hi,
>
> I found an interesting behavior today which I think is not wrong but it's
> still interesting.
>
> When I tried to copy a file from the host to /root inside the container
> using cp, this happened.
>
> On the host:
> $sudo cp some_file.sh /var/lib/lxc/containers/c1/rootfs/root/
>
> On the container:
> #ls -la /root/ | grep some_file.sh
> -rwxr-xr-x 1 *nobody nogroup* 3450 Oct 1 21:34 some_file.sh
>
> #chown root.root /root/some_file.sh
> chown: changing ownership of 'some_file.sh': Operation not permitted
>
> This behavior happens only in the /root/ directory on the container,
> because this directory has 700 as its permissions. So, the only way to
> write inside is being root on the host, but id 0 is not mapped in
> /etc/subuid/ inside the container. I can write directly to any other
> directory of the container's root tree from the host without getting sudo
> privileges because my user is in the lxd group.
>
> So, lesson learned that always use push/pull to copy files.
>
> Disclaimer: I know how push/pull works, I was trying to copy a file in the
> old fashioned way.

Yep, there is a reason (besides network transparency) for push/pull :)

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
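
The ownership translation behind the `nobody nogroup` listing in this thread, as an added example that is not part of either message or of LXC/LXD itself. It assumes a constructed ID map of `0 100000 65536` in `/proc/<pid>/uid_map` format; the function names are hypothetical.

```python
# Added illustration: how a user-namespace ID map translates file owners.
# Kernel default for /proc/sys/kernel/overflowuid, displayed as "nobody".
OVERFLOW_ID = 65534

# Constructed sample in /proc/<pid>/uid_map format (an assumption, not from the thread):
# <first ID inside the container> <first ID on the host> <count>
SAMPLE_UID_MAP = "0 100000 65536\n"


def parse_id_map(text):
    """Return a list of (inside_start, host_start, count) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"bad map line: {line!r}")
        inside, host, count = (int(f) for f in fields)
        ranges.append((inside, host, count))
    return ranges


def host_to_container(host_id, ranges):
    """ID the container sees for a host-side owner, or None if unmapped."""
    for inside, host, count in ranges:
        if host <= host_id < host + count:
            return inside + (host_id - host)
    return None


def container_to_host(inside_id, ranges):
    """Host ID a file must carry to appear as inside_id in the container."""
    for inside, host, count in ranges:
        if inside <= inside_id < inside + count:
            return host + (inside_id - inside)
    return None


def seen_in_container(host_id, ranges):
    """Return (owner shown by ls in the container, chown allowed for container root)."""
    mapped = host_to_container(host_id, ranges)
    if mapped is None:
        # Unmapped owner: shown as the overflow ID, and container root has no
        # capability over the inode, so chown fails with EPERM.
        return OVERFLOW_ID, False
    return mapped, True


if __name__ == "__main__":
    ranges = parse_id_map(SAMPLE_UID_MAP)
    print("file copied with sudo cp (host uid 0):", seen_in_container(0, ranges))
    print("host uid needed for container root:", container_to_host(0, ranges))
```

With this map, a file must be owned by host ID 100000 to appear as root inside the container.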
