[lxc-users] root at container can't chown an added disk device

Tony Lewis tony at lewistribe.com
Tue Aug 8 04:50:11 UTC 2017


I have read and think I understand the uid/gid mapping stuff here: 
https://insights.ubuntu.com/2017/06/15/custom-user-mappings-in-lxd-containers/

If I add a disk (directory) as a device to my container, it seems I need 
to do any changing of ownership in the host, not in the container.

That makes sense because of the uid/gid mapping - to the host, the 
directory is not owned by root, and so it won't let UID=165536 chown it 
to someone else.

Is there a way I can allow this to happen, that is still secure?

If I map root in the container to root in the host (through /etc/subuid 
and /etc/subgid) I think I could make this happen, but I'm assuming this 
would mean that if user root in the container ever broke out, they would 
be root in the host, and that's not good.

Tony
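As an added illustration (not part of the post above), the following Python models the uid/gid shift the poster describes and predicts which files in a bind-mounted directory root inside the container can chown. The range `root:165536:65536` is taken from the post's UID; the directory listing is constructed sample data and the path names are hypothetical.

```python
# Added example: model LXD's uid/gid shift for a bind-mounted directory and
# predict which files root inside the container can chown.
# Mapping taken from the post (container uid 0 -> host uid 165536, 65536 ids);
# the file owners below are constructed sample data, not from the post.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class IdMap:
    """One /etc/subuid or /etc/subgid style range: container id 0 maps to host `start`."""
    start: int
    count: int

    def to_host(self, cid: int) -> int:
        if not 0 <= cid < self.count:
            raise ValueError(f"container id {cid} outside mapped range")
        return self.start + cid

    def to_container(self, hid: int) -> Optional[int]:
        """Return the id the container sees, or None if the host id is unmapped
        (it shows up inside as the overflow id, typically nobody/65534)."""
        if self.start <= hid < self.start + self.count:
            return hid - self.start
        return None

def parse_sub_entry(line: str) -> IdMap:
    """Parse a 'user:start:count' line as found in /etc/subuid and /etc/subgid."""
    _user, start, count = line.strip().split(":")
    return IdMap(int(start), int(count))

def container_root_can_chown(uidmap: IdMap, gidmap: IdMap, host_uid: int, host_gid: int) -> bool:
    """Root in the container only holds CAP_CHOWN over inodes whose host owner
    and group both map into its user namespace; anything else must be chowned
    on the host, which is the behaviour the post describes."""
    return uidmap.to_container(host_uid) is not None and gidmap.to_container(host_gid) is not None

# constructed directory listing: (hypothetical path, host uid, host gid)
SAMPLE_FILES = [
    ("/srv/share", 1000, 1000),          # owned by an ordinary host user: unmapped
    ("/srv/share/app", 165536, 165536),  # already shifted: container root
    ("/srv/share/data", 166536, 166536), # shifted: container uid/gid 1000
]

def report(uid_entry: str = "root:165536:65536", gid_entry: str = "root:165536:65536") -> dict:
    uidmap, gidmap = parse_sub_entry(uid_entry), parse_sub_entry(gid_entry)
    return {path: container_root_can_chown(uidmap, gidmap, u, g) for path, u, g in SAMPLE_FILES}

if __name__ == "__main__":
    for path, ok in report().items():
        print(f"{path}: {'chown allowed from container' if ok else 'must chown on host'}")
```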
