I have read and think I understand the uid/gid mapping stuff here: https://insights.ubuntu.com/2017/06/15/custom-user-mappings-in-lxd-containers/

If I add a disk (directory) as a device to my container, it seems I need to do any changing of ownership in the host, not in the container.

That makes sense because of the uid/gid mapping - to the host, the directory is not owned by root, and so it won't let UID=165536 chown it to someone else.

Is there a way I can allow this to happen, that is still secure?

If I map root in the container to root in the host (through /etc/subuid and /etc/subgid) I think I could make this happen, but I'm assuming this would mean that if user root in the container ever broke out, they would be root in the host, and that's not good.

Tony

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
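
The mapping described in the message above, as an added example that is not part of the original post: it translates IDs through a uid_map line and shows why a directory owned by an unmapped host UID is out of container root's reach. The map line (constructed to match the UID 165536 in the message), the function names and the sample owners are assumptions for illustration.

```python
# Added example. The map line is constructed; the real one is in /proc/<pid>/uid_map
# of a process inside the container (gid_map has the same format).
OVERFLOW_UID = 65534  # kernel default shown for unmapped owners (/proc/sys/kernel/overflowuid)
SAMPLE_UID_MAP = "0 165536 65536\n"  # constructed: container 0..65535 -> host 165536..231071


def parse_id_map(text):
    """Parse uid_map/gid_map lines: <id-in-container> <id-on-host> <count>."""
    extents = []
    for line in text.splitlines():
        if line.strip():
            inside, outside, count = (int(field) for field in line.split())
            extents.append((inside, outside, count))
    return extents


def to_host(extents, container_id):
    """Host ID behind a container ID, or None if that container ID is unmapped."""
    for inside, outside, count in extents:
        if inside <= container_id < inside + count:
            return outside + (container_id - inside)
    return None


def to_container(extents, host_id):
    """Container ID for a host ID, or None if it lies outside every extent."""
    for inside, outside, count in extents:
        if outside <= host_id < outside + count:
            return inside + (host_id - outside)
    return None


def view_from_container(extents, host_owner):
    """How a file owned by host_owner looks to container root."""
    cid = to_container(extents, host_owner)
    if cid is None:
        # Unmapped owner: displayed as the overflow ID, and container root's
        # CAP_CHOWN does not apply to an inode whose owner is outside the map.
        return {"shown_uid": OVERFLOW_UID, "chown_permitted": False}
    # Mapped owner: chown works, provided the file's group and the target
    # IDs are inside the container's maps as well.
    return {"shown_uid": cid, "chown_permitted": True}


if __name__ == "__main__":
    id_map = parse_id_map(SAMPLE_UID_MAP)
    for owner in (0, 1000, 165536, 166536):  # constructed host owners of the shared directory
        print(owner, view_from_container(id_map, owner))
```

A directory owned by host root or host UID 1000 shows up as 65534 inside the container, while one owned by host UID 165536 shows up as owned by container root.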
