On 05/06/2016 10:48 AM, Tamas Papp wrote:


On 01/07/2016 02:15 PM, Tamas Papp wrote:
hi,

First of all, I want to declare that I'm not sure it is really because of an unprivileged container... but I have not found any other difference yet.

Ordinary users are coming from ldap servers. On clients sss is configured properly, everything works properly so far. Recently I deployed a container, however not with pure privileged LXC (running as root), but LXD (unprivileged).

Now one thing does not work and it makes things messed up.

this works: id USER
this not: id (running as USER)

The second one does not reflect the user's LDAP groups.

Obviously the same happens for example if I want to use sudo or something else, that depends on the user's ldap group.


I have strace outputs, I see difference, but no reason.
Any idea? To me it looks like a kind of weird bug.

hi,


First time I sent it to the devel list, but maybe it would be better here: did anybody else face this behaviour?


If I set 'security.privileged: true', it is working fine.

I think I have it.

By default, IPA (the LDAP server) assigns high uids and gids to users and groups; high means 400.000.000+. Don't ask me why. Modifying /etc/subuid and /etc/subgid to something like this helped a lot, now it's OK:


root:110000:*500000000

*I don't know whether a nested container works properly.

Cheers,
tamas
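
Added example, not part of the original post: a check of whether a directory-assigned uid or gid falls inside the range delegated to root in /etc/subuid or /etc/subgid. It assumes the container's map is root's first entry and starts at container id 0; the 65536-id line and the sample ids are constructed, and the widened line is the one from the post written without the asterisk.

```python
# Added example: does a uid/gid fit in the range delegated in /etc/subuid or /etc/subgid?
MAX_ID = 2**32  # uid_t and gid_t are 32-bit on Linux


def parse_subid(text):
    """Parse owner:start:count lines into a list of (owner, start, count)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts[1:]):
            raise ValueError(f"line {lineno}: expected owner:start:count, got {raw!r}")
        start, count = int(parts[1]), int(parts[2])
        if count == 0 or start + count > MAX_ID:
            raise ValueError(f"line {lineno}: range does not fit the 32-bit id space")
        entries.append((parts[0], start, count))
    return entries


def host_id(entries, owner, container_id):
    """Host id behind container_id, or None when the id has no mapping.

    Assumption: the map is the owner's first entry and starts at container id 0.
    """
    for name, start, count in entries:
        if name == owner:
            return start + container_id if 0 <= container_id < count else None
    return None


def unmapped(entries, owner, ids):
    """Ids from `ids` that the container cannot represent."""
    return [i for i in ids if host_id(entries, owner, i) is None]


# Constructed sample: an allocation of 65536 ids.
DEFAULT = "root:100000:65536\n"
# Range from the post, written without the asterisk.
WIDENED = "root:110000:500000000\n"
# Constructed ids: a local user plus a directory user and group above 400,000,000.
SAMPLE_IDS = [1000, 400000000, 400000005]

if __name__ == "__main__":
    for label, text in (("default", DEFAULT), ("widened", WIDENED)):
        print(label, "unmapped:", unmapped(parse_subid(text), "root", SAMPLE_IDS))
```

An id reported as unmapped has no host id behind it, so the kernel rejects it when a process in the container tries to set it as a uid or supplementary group.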


