Quoting Carlos Alberto Lopez Perez ([email protected]):
> On 11/01/16 23:13, Serge Hallyn wrote:
> > Quoting [email protected] ([email protected]):
> >> Hmm, this is interesting.
> >> I am running my container from the unprivileged user 'lxduser' and yet:
> >>
> >> root@qumind:~# ps -ef | grep '[l]xc monitor'
> >> root 7609 1 0 11:54 ? 00:00:00 [lxc monitor]
> >> /var/lib/lxd/containers pgroonga
> >>
> >> What is wrong here?
> >
> > You're using lxd. Lxd runs as root. You are not starting the
> > containers as 'lxduser' - you are making requests as 'lxduser' for
> > the root-owned process 'lxd' to start the containers.
>
> I understood that LXD uses unprivileged containers by default...
>
> Does this mean that LXD is starting the unprivileged containers as root?
Yes. It does many things which an unprivileged user cannot do, so it
has to run as root. The lxc-attach weakness I mentioned does not apply to
'lxc exec', because lxd interposes a pty between your console and the
container's.

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
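
An added example, not part of the original thread and not LXD's own code: the root-owned `[lxc monitor]` in the `ps` output says nothing about whether the container itself is unprivileged; that is decided by the user-namespace ID map of the container's processes. The sketch below parses the `/proc/<pid>/uid_map` format (inside ID, outside ID, length) and classifies it. It assumes the file is read from the host's initial user namespace, and the sample maps used with it are constructed.

```python
import sys


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, outside, length) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        entries.append((inside, outside, length))
    return entries


def host_id(entries, inside_id):
    """Translate an ID inside the namespace to the outside ID, or None if unmapped."""
    for inside, outside, length in entries:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None


def classify(uid_map_text):
    """Classify a process by where its namespace's uid 0 lands on the host."""
    root_on_host = host_id(parse_id_map(uid_map_text), 0)
    if root_on_host is None:
        return "unmapped-root"   # uid 0 does not exist inside this namespace
    if root_on_host == 0:
        return "privileged"      # container root is host root
    return "unprivileged"        # container root is an ordinary host uid


if __name__ == "__main__":
    # Usage: python3 idmap.py <pid of a process inside the container>
    if len(sys.argv) == 2:
        with open(f"/proc/{sys.argv[1]}/uid_map") as fh:
            print(classify(fh.read()))
    else:
        # Constructed sample: container uid 0..65535 mapped to host 100000..165535
        print(classify("0 100000 65536\n"))
```

Run it against the PID of a process inside the container (for example the container's init), not against the monitor PID, which lives in the host namespace and will always report `privileged`.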
