Hi everybody,
I'm trying to start a container as a user. After some patches, I managed to have something working. lxc-start execs /sbin/init inside the container as expected. (My container is a Debian one, but it doesn't matter, I think.) Since sysvinit checks if the current uid is root, it doesn't work. I get:

> $ lxc-start […]
> init: must be superuser.

If I run:

> lxc-start […] /usr/bin/whoami

I get:

> /usr/bin/whoami: cannot find name for user ID [my user id]

A successful workaround is to put a suid on /sbin/init inside the container. But I would like to avoid it, because, besides being dirty, it allows anyone inside the container to run /sbin/init as root.

I read the lxc code; I didn't find any place where lxc-start used setuid() or changed uid before exec'ing. (Maybe I just didn't see it.)

This makes me wonder two things…

– Is it possible to start/stop a container as a user? How'd you do it?
– Do you use the kernel's user namespace? How do you change the user uid before starting a container?

Thank you.

--
Antoine Catton
Nexedi Intern

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users