On Tue, Oct 18, 2011 at 9:47 AM, Serge E. Hallyn <serge.hal...@canonical.com> wrote:
> Quoting Ryan Campbell (ryan.campb...@gmail.com):
>> fedora 13
>> lxc 0.7.2-1.fc13
>>
>>
>> I've used lxc-setcap to allow non-root to run lxc-start. This seems to
>> work OK, until LXC attempts to launch init. Init fails with "init:
>> Need to be root".
>>
>> I would expect init to be launched using the 0 UID of the container.
>> However, from what I've read, UID namespaces are not complete yet.
>>
>> Is this correct? Should one expect that once UID namespaces are
>> implemented within lxc, that one should be able to launch processes as
>> "root" within the container, but have them run as non-root from the
>> perspective of the host?
>
> Yes.
>
>> Is there anywhere I can read more about this?
>
> http://wiki.ubuntu.com/UserNamespace

Very informative, thanks.

>
> I've got a few patches to send yet for tightening down some remaining
> privilege leaks, then we should be ready to start relaxing things to make
> them usable. This includes Eric's simple implementation of assigning a
> superblock to a user namespace. My current tree is at
> http://kernel.ubuntu.com/git?p=serge/linux-2.6.git;a=shortlog;h=refs/heads/userns
>
> (Please feel free to join in!)
>
> thanks,
> -serge
>

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users