Hi all,
I'm trying to restrict privileges of "root" user inside the container. I
came across this "idmap" element of Libvirt Domain XML file.
<idmap>
<uid start='0' target='1000' count='10'/>
<gid start='0' target='1000' count='10'/>
</idmap>
This says that user with uid 0 in the container is mapped to user with uid
1000 on the host.
I checked if it works, I created a file with root user inside the container
and checked uid of the file. Inside the container I get uid of file as 0
and even on host I get the same uid as 0 instead of 1000.
Later I checked the output of "lxc-checkconfig". Output was:
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
*User namespace: missing*
Network namespace: enabled
Multiple /dev/pts instances: enabled
Here it shows that User namespace support is missing. I tried to check for
Namespaces Support in kernel menuconfig. It has support for following
namespaces only:
--- Namespaces support
[*] UTS namespace
[*] IPC namespace
[*] PID Namespaces
[*] Network namespace
There is no User Namespace support.
How should I get this user namespace working on my system?
The link says that User Namespace feature has already been implemented
in *kernel
3.9.*
Reference Link: https://lwn.net/Articles/532593/
My system details are as follow:
OS: Fedora 19
*Kernel: 3.9.5*
Please help me out getting user namespace working on my system.
Thanks and regards,
Saurabh Deochake.
------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
