This is expected. lxc-execute allows you to run commands without a
rootfs. Other isolation mechanisms are still available. Say you have
sub{u,g}ids defined and you want to run a shell in a set of new
namespaces, including user namespaces; then you can do:
sudo lxc-execute -n ns1 -l debug -o AAA -s "lxc.id_map = u 0 165536 65536" -s "lxc.id_map = g 0 165536 65536" -- bash
which in the host's process tree shows up as:
root     21209  0.0  0.0  56916  3840 pts/14   S+   12:22   0:00  \_ sudo lxc-execute -n ns1 -s lxc.id_map = u 0 165536 65536 -s lxc.id_map = g 0 165536 65536 -- bash
root     21210  0.0  0.0  46264  4552 pts/14   S+   12:22   0:00      \_ lxc-execute -n ns1 -s lxc.id_map = u 0 165536 65536 -s lxc.id_map = g 0 165536 65536 -- bash
165536   21212  0.0  0.0  46140  4192 ?        Ss   12:22   0:00          \_ /usr/sbin/init.lxc --name ns1 --lxcpath /var/lib/lxc --logpriority ERROR -- bash
165536   21246  0.0  0.0  18348  3236 ?        S    12:22   0:00              \_ bash
As you can see, the {u,g}ids are mapped, and looking at the log I
appended you can see that the other isolation mechanisms are still in place.
So, not a bug.
** Attachment added: "AAA"
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1680330/+attachment/4856068/+files/AAA
** Changed in: lxc (Ubuntu)
Status: New => Invalid
https://bugs.launchpad.net/bugs/1680330
Title:
lxc-execute can run commands in current namespace
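As an added example (it is not part of the bug report and not LXC's own code), the following POSIX sh helpers check from the host what the process tree above shows by eye: that a process started with lxc-execute has a uid map that sends container root to the sub-uid range rather than the host's identity map, and that its namespaces differ from those of PID 1. The map_id, has_real_userns and ns_differs functions take plain text so they can be exercised with constructed input; the *_live wrappers read /proc and need Linux plus permission to read the target's /proc entries. The 165536/65536 range and the PIDs are the ones in the comment; the function names and the "ran in a new namespace" heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug report or LXC. Helpers for verifying that a
# command launched via lxc-execute with lxc.id_map landed in a user namespace
# with a mapped root and in namespaces distinct from the host's.

# Map an id seen inside the namespace to its host-side id, given the text of
# /proc/<pid>/uid_map (or gid_map): lines of "inner outer count".
# Prints the host id; prints nothing and returns 1 if the id is unmapped.
map_id() {
    # $1 = id inside the namespace, $2 = map text
    printf '%s\n' "$2" | awk -v id="$1" '
        NF == 3 && id >= $1 && id < $1 + $3 { print $2 + (id - $1); found = 1; exit }
        END { if (!found) exit 1 }'
}

# The identity map "0 0 4294967295" is what a process in the initial user
# namespace reports; that (or an empty map) means no user-namespace isolation.
# Returns 0 when the map is a genuine sub-range such as "0 165536 65536".
has_real_userns() {
    # $1 = map text
    case "$(printf '%s\n' "$1" | tr -s ' \t' ' ' | sed 's/^ //;s/ $//')" in
        "0 0 4294967295") return 1 ;;
        "") return 1 ;;
        *) return 0 ;;
    esac
}

# Compare two "type:[inode]" references as printed by readlink on
# /proc/<pid>/ns/<type>. Returns 0 only when both are present and differ.
ns_differs() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# Live check: report which namespace types of PID $1 differ from those of
# PID $2 (default 1). Unreadable links count as "shared" so that a lack of
# privilege is never mistaken for isolation.
ns_diff_live() {
    target="$1"; ref="${2:-1}"
    for t in user pid mnt net ipc uts; do
        a=$(readlink "/proc/$target/ns/$t" 2>/dev/null)
        b=$(readlink "/proc/$ref/ns/$t" 2>/dev/null)
        if ns_differs "$a" "$b"; then
            echo "$t: new"
        else
            echo "$t: shared"
        fi
    done
}

# Live check: print the host uid that root inside PID $1's user namespace
# maps to, and fail if the process is still in the host's user namespace.
root_host_uid_live() {
    map=$(cat "/proc/$1/uid_map" 2>/dev/null) || return 1
    has_real_userns "$map" || return 1
    map_id 0 "$map"
}
```

Against the tree above, root_host_uid_live 21246 should print 165536 and ns_diff_live 21246 should list the namespace types lxc-execute created as "new"; a command started by lxc-execute with no lxc.id_map lines would fail has_real_userns on its uid_map, which is the distinction between "ran in the current user namespace" and "ran as a mapped root", the point the comment makes with the 165536 column of ps.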