Quoting Ryan Campbell (ryan.campb...@gmail.com):
> fedora 13
> lxc 0.7.2-1.fc13
> 
> 
> I've used lxc-setcap to allow non-root to run lxc-start. This seems to
> work OK, until LXC attempts to launch init.  Init fails with "init:
> Need to be root".
> 
> I would expect init to be launched using the 0 UID of the container.
> However, from what I've read, UID namespaces are not complete yet.
> 
> Is this correct? Should one expect that once UID namespaces are
> implemented within lxc, that one should be able to launch processes as
> "root" within the container, but have them run as non-root from the
> perspective of the host?

Yes.

> Is there anywhere I can read more about this?

http://wiki.ubuntu.com/UserNamespace

I've got a few patches to send yet for tightening down some remaining
privilege leaks, then we should be ready to start relaxing things to make
them usable.  This includes Eric's simple implementation of assigning a
superblock to a user namespace.  My current tree is at
http://kernel.ubuntu.com/git?p=serge/linux-2.6.git;a=shortlog;h=refs/heads/userns

(Please feel free to join in!)

thanks,
-serge

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
